IE6 Crashes



#1 tirosh

tirosh

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 14 April 2005 - 03:33 AM

Hi all,

I posted in Google groups about IE6 crashing for one user on my home system but not the other users (see http://groups-beta.google.com/group/micros...6658c8b65cdc20). One of the MS MVPs recommended that I install and run HiJackThis. I have now done this and run it for a user with the problem and a user without the problem. Can anyone help with the contents of these logs?

Thanks in advance,

Tirosh.


#2 tirosh


Posted 14 April 2005 - 03:35 AM

Here is the log of the problem user

Logfile of HijackThis v1.99.1
Scan saved at 09:18:56, on 14/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
G:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
G:\Program Files\NMapWin\bin\nmapserv.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\Program Files\Dantz\Retrospect\retrorun.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\fxssvc.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Creative\ShareDLL\CtNotify.exe
G:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe
G:\WINDOWS\MXOALDR.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Creative\ShareDLL\Mediadet.exe
H:\My Data\Downloads\Downloads Latest\PC Protection\HiJackThis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lordoftherings.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - G:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yell.com - {4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} - G:\WINDOWS\DOWNLO~1\yellbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] G:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SSC Service Utility] G:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [MXO Auto Loader] G:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AirTouch Deluxe keyboard.lnk = G:\Program Files\AirTouch Deluxe keyboard\MagicKey.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AirTouch Deluxe keyboard.lnk
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = G:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - G:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - G:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...4/OCI/setup.exe
O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} (Yell.com) - http://uk.yell.com/tools/toolbar/yellbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13dbf0fcac98e1...ip/RdxIE601.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/selftest/Prg/ESTPTest.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{613325E0-4427-4887-A1F0-993CBE2F0591}: NameServer = 213.208.106.213 213.208.106.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC8FABD-91BF-41F5-84AC-5AAD24D03600}: Domain = int.mediasurface.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC8FABD-91BF-41F5-84AC-5AAD24D03600}: NameServer = 10.0.7.199 10.0.5.5 10.0.5.5 10.0.5.33
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - G:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NMap - Unknown owner - G:\Program Files\NMapWin\bin\nmapserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OracleDimensionsClientCache - Unknown owner - G:\Win32App\PVCS\Dimensions\ORANT\BIN\ONRSD.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - G:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

#3 tirosh


Posted 14 April 2005 - 03:37 AM

Here is the log of another user that does not have the problem

Logfile of HijackThis v1.99.1
Scan saved at 08:55:29, on 14/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
G:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
G:\Program Files\NMapWin\bin\nmapserv.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\Program Files\Dantz\Retrospect\retrorun.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\fxssvc.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Creative\ShareDLL\CtNotify.exe
G:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe
G:\WINDOWS\MXOALDR.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\SecCopy\SecCopy.exe
G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\AirTouch Deluxe keyboard\MagicKey.exe
G:\Program Files\Creative\ShareDLL\Mediadet.exe
G:\Program Files\AirTouch Deluxe keyboard\OSD.EXE
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
G:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
G:\WINDOWS\system32\mstsc.exe
G:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
G:\Program Files\Outlook Express\msimn.exe
G:\Program Files\Internet Explorer\iexplore.exe
H:\My Data\Downloads\Downloads Latest\PC Protection\HiJackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lnwcsbiyazpkgipgohh.com//TNBMQd...xRajjVMrzH.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nildram.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - G:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yell.com - {4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} - G:\WINDOWS\DOWNLO~1\yellbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] G:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SSC Service Utility] G:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [MXO Auto Loader] G:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Second Copy 2000] "G:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BHODemon 2.0.lnk = G:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AirTouch Deluxe keyboard.lnk = G:\Program Files\AirTouch Deluxe keyboard\MagicKey.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = G:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - G:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - G:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...4/OCI/setup.exe
O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} (Yell.com) - http://uk.yell.com/tools/toolbar/yellbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13dbf0fcac98e1...ip/RdxIE601.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/selftest/Prg/ESTPTest.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{613325E0-4427-4887-A1F0-993CBE2F0591}: NameServer = 213.208.106.213 213.208.106.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC8FABD-91BF-41F5-84AC-5AAD24D03600}: Domain = int.mediasurface.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC8FABD-91BF-41F5-84AC-5AAD24D03600}: NameServer = 10.0.7.199 10.0.5.5 10.0.5.5 10.0.5.33
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - G:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NMap - Unknown owner - G:\Program Files\NMapWin\bin\nmapserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OracleDimensionsClientCache - Unknown owner - G:\Win32App\PVCS\Dimensions\ORANT\BIN\ONRSD.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - G:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:36 PM

Posted 16 April 2005 - 12:15 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lnwcsbiyazpkgipgohh.com//TNBMQd...xRajjVMrzH.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13dbf0fcac98e1...ip/RdxIE601.cab

Reboot your computer and post a new log.

#5 tirosh


Posted 18 April 2005 - 02:17 AM

Grinler, thanks for the reply. I'll try this as soon as I get home tonight and let you know.

Tirosh.

#6 tirosh


Posted 18 April 2005 - 12:38 PM

Here is the log AFTER the above fixes are applied. Won't know if the problem has been fixed for a while yet.

Logfile of HijackThis v1.99.1
Scan saved at 18:35:20, on 18/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINDOWS\System32\CTsvcCDA.exe
G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
G:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
G:\Program Files\NMapWin\bin\nmapserv.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\fxssvc.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Creative\ShareDLL\CtNotify.exe
G:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe
G:\WINDOWS\MXOALDR.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
G:\Program Files\SecCopy\SecCopy.exe
G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\AirTouch Deluxe keyboard\MagicKey.exe
G:\Program Files\Creative\ShareDLL\Mediadet.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\AirTouch Deluxe keyboard\V3D.exe
G:\Program Files\AirTouch Deluxe keyboard\OSD.EXE
G:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
H:\My Data\Downloads\Downloads Latest\PC Protection\HiJackThis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nildram.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - G:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yell.com - {4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} - G:\WINDOWS\DOWNLO~1\yellbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] G:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SSC Service Utility] G:\Program Files\EPSON\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [MXO Auto Loader] G:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [Second Copy 2000] "G:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AirTouch Deluxe keyboard.lnk = G:\Program Files\AirTouch Deluxe keyboard\MagicKey.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = G:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - G:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - G:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...4/OCI/setup.exe
O16 - DPF: {4E7BD74F-2B8D-469E-C0FF-FD60B890A37D} (Yell.com) - http://uk.yell.com/tools/toolbar/yellbar.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/selftest/Prg/ESTPTest.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{613325E0-4427-4887-A1F0-993CBE2F0591}: NameServer = 213.208.106.212 213.208.106.213
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - G:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - G:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NMap - Unknown owner - G:\Program Files\NMapWin\bin\nmapserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OracleDimensionsClientCache - Unknown owner - G:\Win32App\PVCS\Dimensions\ORANT\BIN\ONRSD.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - G:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
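
Added example, not part of the original thread: a small Python script that compares a follow-up HijackThis log with the earlier one and confirms that the entries on the fix list are gone. The sample logs are short excerpts of the lines posted in this thread; the function names and the comparison rules (case-insensitive matching, order-insensitive O17 NameServer lists) are assumptions of this example, not HijackThis behaviour.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - " and free text. Header lines and the
# "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def entry_key(code, body):
    """Comparison key for one entry (assumed rules, see lead-in)."""
    body = body.casefold()  # registry names and Windows paths ignore case
    if code == "O17" and "nameserver = " in body:
        # The same DNS servers may be listed in a different order or twice.
        head, sep, servers = body.partition("nameserver = ")
        body = head + sep + " ".join(sorted(set(servers.split())))
    return (code, body)


def parse_entries(log_text):
    """Map comparison key -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(m.group(1), m.group(2))] = line
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lines between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    return removed, added


def unfixed(fix_list, after):
    """Entries from the fix list that still appear in the follow-up log."""
    a = parse_entries(after)
    return [line for key, line in parse_entries(fix_list).items() if key in a]


# Excerpt of the log in post #3 (truncated URLs kept exactly as posted).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 08:55:29, on 14/04/2005
Running processes:
G:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lnwcsbiyazpkgipgohh.com//TNBMQd...xRajjVMrzH.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nildram.net/
O4 - Startup: BHODemon 2.0.lnk = G:\Program Files\BHODemon 2\BHODemon.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13dbf0fcac98e1...ip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{613325E0-4427-4887-A1F0-993CBE2F0591}: NameServer = 213.208.106.213 213.208.106.212
"""

# Excerpt of the follow-up log in post #6.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:35:20, on 18/04/2005
Running processes:
G:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nildram.net/
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{613325E0-4427-4887-A1F0-993CBE2F0591}: NameServer = 213.208.106.212 213.208.106.213
"""

# The two entries listed for fixing in post #4.
FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lnwcsbiyazpkgipgohh.com//TNBMQd...xRajjVMrzH.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13dbf0fcac98e1...ip/RdxIE601.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    leftover = unfixed(FIX_LIST, AFTER)
    print("fix list cleared" if not leftover else "still present: %r" % leftover)
```

Entries reported as added deserve the same review as the original log, since a new autostart item can appear between two scans for unrelated reasons such as a software install.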

#7 Grinler


Posted 18 April 2005 - 08:36 PM

Do you use zone alarm on that machine?

Fix this last item:

O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - G:\PROGRA~1\DzSoft\FAVORI~1\FavSeek.dll

#8 tirosh


Posted 19 April 2005 - 01:45 AM

Yes I do use Zone Alarm.

I'll fix this item when I get home from work tonight and feed back the results tomorrow.

Thanks again for your help Grinler.

Tirosh.

#9 tirosh


Posted 20 April 2005 - 03:18 AM

It's all looking positive. My son used the computer last night for a few hours and didn't get a single crash. I hope this has sorted the problem. Will post back if it comes back. Many thanks for your help Grinler.

Tirosh.

#10 Grinler


Posted 20 April 2005 - 10:44 AM

Now that you are clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help.



