Unknown file in Winsock LSP ??

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

seashell

Thread Starter
Joined
Jun 22, 2003
Messages
125
Logfile of HijackThis v1.94.0
Scan saved at 21:22:43, on 17.09.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.web.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Net Transport\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SIA5] "C:\Programme\Steganos Internet Anonym 5\sia5.exe" /booting
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Net Transport\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Net Transport\NTAddLink.html
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe


Hi Guys, i got a question according to this Logfile:

1. what is that Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup ?? does that need to be there??

2. what is wrong with steganos internet anonym 5 ?? and how come its the same "error msg" like 5 times?? the program itself is working fine...

3. how come all these different starting pages ? actually IE is starting with Web.de, and thats the way it should be, can i delete all the other stuff like msn.de, arcor.de and so on ? or are they needed for some kind of "alternative" ??

4. What does Nerocheck.exe do ?

uh that was some more than 1 question, i hope someone can give me some answers...
 
Joined
May 15, 2003
Messages
419
3. how come all these different starting pages ? actually IE is starting with Web.de, and thats the way it should be, can i delete all the other stuff like msn.de, arcor.de and so on ? or are they needed for some kind of "alternative" ??
If you'd like to get rid of them, go ahead, it won't hurt anything.
4. What does Nerocheck.exe do ?
Nerocheck checks for CD-R and CD-RWs I think.
 
Joined
May 3, 2003
Messages
151
Hi seashell-
Please go here and download the latest version of HijackThis-
http://www.tomcoyote.org/hjt/
Then post another log.
As for answers to your questions
1. needed
2. You may need to repair winsock. Not a problem I'll know with your next log
3.Hijackers
4.Nerocheck is associated with nero cd burning software.If you don't use Nero we can delete with the next log.
 

seashell

Thread Starter
Joined
Jun 22, 2003
Messages
125
Logfile of HijackThis v1.97.2
Scan saved at 10:26:05, on 18.09.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\RegSeeker\RegSeeker.exe
C:\Dokumente und Einstellungen\Markus Menster\Eigene Dateien\Zipstore\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Net Transport\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: CAPIControl.lnk = ?
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Net Transport\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Net Transport\NTAddLink.html
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7477F575-8C3E-472C-8CB5-DCA02461F70C}: NameServer = 145.253.2.139 145.253.2.81

ok here is the logfile with the recent version of Hijack this.

give me a hint what can be deletet plz ... and how to repair winsock?
 
Joined
May 3, 2003
Messages
151
Hi seashell-If you are sure you don't want msn,etc do this.
Close all browser windows and check and delete the following-
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O10 - Unknown file in Winsock LSP: c:\programme\steganos internet anonym 5\sselsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de

Restart The computer, search for and delete -
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
From pacs-portal,here
http://www.pacs-portal.co.uk/startup_pages/startup_m.php
mscvrt32.exe -- Added as a result of a unidentified VIRUS!. Named almost , but not exactly like the legitimate msvcrt or msvcrt20.dll
Then go to one of these sites and run a virus scan-
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.wilders.org/free_services.htm
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Then please post another log
 

seashell

Thread Starter
Joined
Jun 22, 2003
Messages
125
Ok now, ive uninstalled that steganos thing and heres my new log:

Logfile of HijackThis v1.97.2
Scan saved at 16:11:11, on 19.09.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\Dokumente und Einstellungen\**********\Eigene Dateien\Zipstore\Tools\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Net Transport\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: CAPIControl.lnk = ?
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Net Transport\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Net Transport\NTAddLink.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/sikes/de/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.2508912037
O17 - HKLM\System\CCS\Services\Tcpip\..\{7477F575-8C3E-472C-8CB5-DCA02461F70C}: NameServer = 145.253.2.174 145.253.2.196

i also removed the mscvrt32.exe entry, but no such file was on my disk, i removed that virus weeks ago...

However, im still wondering if everything is ok now with Winsock and stuff - because if im trying to use LSPfix i cant browse anymore, and reinstalling winsock seems a little much work ... at least my internet conection is stable and running now, and no entry in the hijack log. Do i still have t do something about Winsock? isnt there a programm around that repairs that without me having to turn my registry upside down?? or can i just reinstall that from the revovery XP disk?
 

seashell

Thread Starter
Joined
Jun 22, 2003
Messages
125
both scans finished without result ( nothing found)

does that mean my winsock thing is ok?


btw: thanks so far for all the help guys ;-)
 
Joined
May 3, 2003
Messages
151
Hi seashell-
If you are able to connect to the internet you are in good shape-
Log looks good. Glad we could help.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top