1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Internet Explorer error APPCOMPAT.txt

Discussion in 'Virus & Other Malware Removal' started by Mocca4, Feb 15, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Mocca4

    Mocca4 Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    6
    Hi
    I am having a problem with internet explore 6. It keeps freezing and says there has been an error in WER20.temp.dir00/appcompat.txt
    I ran Hiajck this and get this log

    Logfile of HijackThis v1.99.0
    Scan saved at 10:06:50 PM, on 15/02/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\svchost.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Error Nuker\bin\ErrorNuker.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\wcpsvsu.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\Wtablet\TabUserW.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\Mocca\New Folder\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
    O4 - HKCU\..\Run: [Sbde] C:\Documents and Settings\Family\Application Data\ssed.exe
    O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvsu.exe
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
    O4 - HKCU\..\Run: [mqcertui] C:\WINDOWS\System32\mqcertui.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} (Pco3 Window (Commsec) Control) - http://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe
    O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Digidesign MME Refresh Service - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

    However as i dont know to much about computer this is far as i can go
    Can anyone help me
    Thanks
    Mocca4
     
  2. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    You have a few parasites in there, the below steps will take a bit of time, but please do the following.

    Go to this site and do an online scan of your computer, http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    Then go here and download adaware se personal (free) make sure to update it straight after you have installed it. Do a scan with Adaware and fix everything it finds.

    Then go here and download Spybot Search & Destroy 1.3 http://www.safer-networking.org/en/download/index.html

    Update it also, and then do a scan with it and fix everything it finds.

    After you have completed the above, please reboot and post another Hijack Log.
     
  3. Mocca4

    Mocca4 Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    6
    Hi
    I did what you said and everything seems to be working...im not getting that message any more an no freezing yet..yay
    Thanks Heaps
    Heres my new log

    Logfile of HijackThis v1.99.0
    Scan saved at 1:09:43 AM, on 16/02/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Error Nuker\bin\ErrorNuker.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\wcpsvsu.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\Wtablet\TabUserW.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Mocca\New Folder\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pandasoftware.com/activescan/com/default.asp?IdVendor=1&IdLang=2&IdPais=63
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
    O4 - HKCU\..\Run: [Sbde] C:\Documents and Settings\Family\Application Data\ssed.exe
    O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvsu.exe
    O4 - HKCU\..\Run: [mqcertui] C:\WINDOWS\System32\mqcertui.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} (Pco3 Window (Commsec) Control) - http://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{09CAB3A2-0637-4602-BD4B-3A4E8AB7A608}: NameServer = 203.2.75.132 198.142.0.51
    O17 - HKLM\System\CS2\Services\Tcpip\..\{09CAB3A2-0637-4602-BD4B-3A4E8AB7A608}: NameServer = 203.2.75.132 198.142.0.51
    O20 - AppInit_DLLs: c:\windows\system32\wdmjhbf.dll
    O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Digidesign MME Refresh Service - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

    Hope this all is right
    Thanks so much
    Mocca4
     
  4. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    There are still a couple of suspicious entries in your log, that I am unfamiliar with.

    I have asked a Moderator to move this post to the security section, so someone with more experience reading the logs can advise you.
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Still a few there that should alll be fixed by this

    Download AdAware SE from http://www.lavasoft.de/support/download and install it if you haven't already got it. If you have it, then make sure it is updated and configured as described
    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least SE1R27 55.02.2005 or a higher number/later date

    Set up the Configurations as follows:

    General Button
    Safety:
    Check (Green) all three.

    Click on "Proceed"

    Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    Click on "Scan Now"

    Run the scanner using the Full Scan (Perform full system scan) mode.

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.


    Reboot &

    Download and install the Micro$oft antispyware BETA from http://www.microsoft.com/athome/security/spyware/software/default.mspx and let it fix anything it finds (when it finds things, please quarantine them rather than delete just in case as it is a beta and occasional False positives happen)

    First press file and check for updates and then run it

    Recent tests suggest that a combination of Adaware & M$AS removes approx 80% of spywares/Adwares, much higher than any other combination

    Run an online antivirus check from at least one and preferably 2 of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www3.ca.com/virusinfo/
    http://www.bitdefender.com/scan/licence.php
    http://www.commandondemand.com/eval/index.cfm
    http://www.freedom.net/viruscenter/onlineviruscheck.html
    http://info.ahnlab.com/english/
    http://www.pcpitstop.com/pcpitstop/AntiVirusCntr.asp

    reboot again
    and post a fresh HJT log
     
  6. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Go to control panel, add/remove programs and remove these if they are listed

    PSD Tools ChannelUp v1.o

    PSD

    PSD Tools


    Run Hijackthis and fix the following items. Be sure all windows are closed except for hijackthis.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe

    O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvsu.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O20 - AppInit_DLLs: c:\windows\system32\wdmjhbf.dll
    O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe (file missing)

    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

    How to boot in safe mode
    Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
    Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"


    Reboot in safe mode and delete these if they are still there.

    C:\Program Files\Common Files\PSD Tools\blengine.exe

    O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvsu.exe



    Delete your temporary files:


    In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

    Empty the recycle bin.

    Reboot and post a new hijackthis log
     
  7. Mocca4

    Mocca4 Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    6
    Hi
    I did everything you guys said and here is my new hj log

    Logfile of HijackThis v1.99.0
    Scan saved at 2:16:33 PM, on 16/02/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\wdskctl.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\Wtablet\TabUserW.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Mocca\New Folder\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Sbde] C:\Documents and Settings\Family\Application Data\ssed.exe
    O4 - HKCU\..\Run: [mqcertui] C:\WINDOWS\System32\mqcertui.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} (Pco3 Window (Commsec) Control) - http://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{09CAB3A2-0637-4602-BD4B-3A4E8AB7A608}: NameServer = 203.2.75.132 198.142.0.51
    O17 - HKLM\System\CS2\Services\Tcpip\..\{09CAB3A2-0637-4602-BD4B-3A4E8AB7A608}: NameServer = 203.2.75.132 198.142.0.51
    O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Digidesign MME Refresh Service - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe


    Thanks again for your help
    Mocca4
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/330780

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice