Unknown file in Winsock LSP ? and other probs with Hijack log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

seashell

Thread Starter
Joined
Jun 22, 2003
Messages
125
Logfile of HijackThis v1.97.2
Scan saved at 10:26:05, on 18.09.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\RegSeeker\RegSeeker.exe
C:\Dokumente und Einstellungen\********\Eigene Dateien\Zipstore\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Net Transport\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: CAPIControl.lnk = ?
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Net Transport\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Net Transport\NTAddLink.html
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7477F575-8C3E-472C-8CB5-DCA02461F70C}: NameServer = 145.253.2.139 145.253.2.81

ok here is the logfile with the recent version of Hijack this.

give me a hint what can be deletet plz ... and how to repair winsock?

what about all these entries for IE search engines and start page? i start with web.de and thats the way i want it to do, can i delete the others??
 
Joined
Dec 9, 2000
Messages
45,855
They would be associated with something installed from this provider:

http://www.steganos.com/en/

Are you currenly using any of those applications? Have they been uninstalled?

You do have worm showing in the Scanlog:

O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe

The registry entry should be "fixed" and the file itself deleted if it is still present.

The R1 values in the Scanlog are "created"; that means if you fix them, they should stay deleted. The R0 ones represent "changed" values; that means if you "fix" them a default will be restored.

You can also remove this:

R3 - Default URLSearchHook is missing

And this (of use to developers only):

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


=================
If those Winsock entries remain after uninstalling the associated program (if that's what you want to do), you can repair the Winsock file by using lspfix

http://www.cexx.org/lspfix.htm

Have that downloaded and unzipped before you uninstall the program so that you can run the repair if the uninstall does not work right. You might lose internet access otherwise.

To use lspfix you will have to move those selected protocols to the remove window and tell it you know what you are doing.
 

seashell

Thread Starter
Joined
Jun 22, 2003
Messages
125
Thx for all the info,


do i have to uninstall that Steganos thing before i use ispfix?
actually i installed it just the other day, i didnt mean to uninstall it again ...
 
Joined
Dec 9, 2000
Messages
45,855
I would uninstall it if you have no use for it; it won't work without it, I'm sure, and if you were to launch it, it might try to recreate them.

If you wan't to keep the application and you are not having any internet connectivity problems, you don't need to do anything.

The HijackThis Scanlog is only reporting on what it doesn't recognize.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top