1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unknown file in Winsock LSP ??

Discussion in 'Windows XP' started by seashell, Sep 17, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. seashell

    seashell Thread Starter

    Joined:
    Jun 22, 2003
    Messages:
    125
    Logfile of HijackThis v1.94.0
    Scan saved at 21:22:43, on 17.09.2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.web.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://search.msn.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Net Transport\NTIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [SIA5] "C:\Programme\Steganos Internet Anonym 5\sia5.exe" /booting
    O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Net Transport\NTAddList.html
    O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Net Transport\NTAddLink.html
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe


    Hi Guys, i got a question according to this Logfile:

    1. what is that Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup ?? does that need to be there??

    2. what is wrong with steganos internet anonym 5 ?? and how come its the same "error msg" like 5 times?? the program itself is working fine...

    3. how come all these different starting pages ? actually IE is starting with Web.de, and thats the way it should be, can i delete all the other stuff like msn.de, arcor.de and so on ? or are they needed for some kind of "alternative" ??

    4. What does Nerocheck.exe do ?

    uh that was some more than 1 question, i hope someone can give me some answers...
     
  2. Mr_Webmaster

    Mr_Webmaster

    Joined:
    May 15, 2003
    Messages:
    419
    If you'd like to get rid of them, go ahead, it won't hurt anything.
    Nerocheck checks for CD-R and CD-RWs I think.
     
  3. OlTramp

    OlTramp

    Joined:
    May 3, 2003
    Messages:
    151
    Hi seashell-
    Please go here and download the latest version of HijackThis-
    http://www.tomcoyote.org/hjt/
    Then post another log.
    As for answers to your questions
    1. needed
    2. You may need to repair winsock. Not a problem I'll know with your next log
    3.Hijackers
    4.Nerocheck is associated with nero cd burning software.If you don't use Nero we can delete with the next log.
     
  4. seashell

    seashell Thread Starter

    Joined:
    Jun 22, 2003
    Messages:
    125
    Logfile of HijackThis v1.97.2
    Scan saved at 10:26:05, on 18.09.2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
    C:\Programme\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Programme\AVPersonal\AVGNT.EXE
    C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\Programme\RegSeeker\RegSeeker.exe
    C:\Dokumente und Einstellungen\Markus Menster\Eigene Dateien\Zipstore\Tools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Net Transport\NTIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: CAPIControl.lnk = ?
    O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Net Transport\NTAddList.html
    O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Net Transport\NTAddLink.html
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7477F575-8C3E-472C-8CB5-DCA02461F70C}: NameServer = 145.253.2.139 145.253.2.81

    ok here is the logfile with the recent version of Hijack this.

    give me a hint what can be deletet plz ... and how to repair winsock?
     
  5. OlTramp

    OlTramp

    Joined:
    May 3, 2003
    Messages:
    151
    Hi seashell-If you are sure you don't want msn,etc do this.
    Close all browser windows and check and delete the following-
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de

    Restart The computer, search for and delete -
    O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
    From pacs-portal,here
    http://www.pacs-portal.co.uk/startup_pages/startup_m.php
    mscvrt32.exe -- Added as a result of a unidentified VIRUS!. Named almost , but not exactly like the legitimate msvcrt or msvcrt20.dll
    Then go to one of these sites and run a virus scan-
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.wilders.org/free_services.htm
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    Then please post another log
     
  6. seashell

    seashell Thread Starter

    Joined:
    Jun 22, 2003
    Messages:
    125
    Ok now, ive uninstalled that steganos thing and heres my new log:

    Logfile of HijackThis v1.97.2
    Scan saved at 16:11:11, on 19.09.2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
    C:\Programme\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Programme\AVPersonal\AVGNT.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Dokumente und Einstellungen\**********\Eigene Dateien\Zipstore\Tools\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Net Transport\NTIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: CAPIControl.lnk = ?
    O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Net Transport\NTAddList.html
    O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Net Transport\NTAddLink.html
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.2508912037
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7477F575-8C3E-472C-8CB5-DCA02461F70C}: NameServer = 145.253.2.174 145.253.2.196

    i also removed the mscvrt32.exe entry, but no such file was on my disk, i removed that virus weeks ago...

    However, im still wondering if everything is ok now with Winsock and stuff - because if im trying to use LSPfix i cant browse anymore, and reinstalling winsock seems a little much work ... at least my internet conection is stable and running now, and no entry in the hijack log. Do i still have t do something about Winsock? isnt there a programm around that repairs that without me having to turn my registry upside down?? or can i just reinstall that from the revovery XP disk?
     
  7. SexyTech

    SexyTech

    Joined:
    Mar 27, 2002
    Messages:
    8,460
  8. seashell

    seashell Thread Starter

    Joined:
    Jun 22, 2003
    Messages:
    125
    both scans finished without result ( nothing found)

    does that mean my winsock thing is ok?


    btw: thanks so far for all the help guys ;-)
     
  9. OlTramp

    OlTramp

    Joined:
    May 3, 2003
    Messages:
    151
    Hi seashell-
    If you are able to connect to the internet you are in good shape-
    Log looks good. Glad we could help.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Unknown file Winsock
  1. Robertico22
    Replies:
    8
    Views:
    547
  2. RoKGiYeon
    Replies:
    8
    Views:
    417
  3. SilverSurf
    Replies:
    1
    Views:
    376
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165458

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice