Another about blank (help would be great thanks)
Hey, I've had it for a few days now and can't get rid of it. So if anyone could help it would be much appreciated.
My hijackthis log is
Logfile of HijackThis v1.97.7
Scan saved at 16:51:28, on 27/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\usbtapnp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Declan\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {35CC2A82-1BC7-4796-B072-38F800424E22} - C:\WINDOWS\System32\oighj.dll (file missing)
O2 - BHO: (no name) - {4388382B-533B-4E99-A714-24CD73075537} - C:\WINDOWS\System32\kemmboa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\DECLAN~1\MYDOCU~1\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\System32\usbtapnp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38033.6253240741
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CCA6CE4C-2199-4A4F-9542-12E0163D6841} (Dialer Class) - http://sessa.isprime.com:81/tel2net/CABEDialer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{92633FA4-CEC7-4686-B3DA-D0D15D18339F}: NameServer = 159.134.237.6 159.134.248.17
Thanks
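A triage sketch for the log above, added here as an example and not part of the original post: it pairs the R0/R1 Internet Explorer values that load a page from a res:// resource inside a DLL with any O2 BHO entry that loads the same DLL, and also reports BHOs marked (file missing). The sample lines are copied from the posted log; the function names and the "high"/"review" labels are assumptions made for illustration.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the post).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kemmboa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {35CC2A82-1BC7-4796-B072-38F800424E22} - C:\WINDOWS\System32\oighj.dll (file missing)
O2 - BHO: (no name) - {4388382B-533B-4E99-A714-24CD73075537} - C:\WINDOWS\System32\kemmboa.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
"""

# R0-R3: "<section> - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (.+?),(.+?) = (.*)$")
# O2: "O2 - BHO: <name> - {CLSID} - <file>[ (file missing)]"
BHO_LINE = re.compile(
    r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$")
# A res:// URL serves a page embedded as a resource in the named DLL.
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)


def parse(log_text):
    """Split a HijackThis log into IE URL values (R*) and BHO entries (O2)."""
    ie_values, bhos = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            ie_values.append(
                {"key": m.group(2), "name": m.group(3), "data": m.group(4)})
            continue
        m = BHO_LINE.match(line)
        if m:
            bhos.append({"name": m.group(1), "clsid": m.group(2).upper(),
                         "path": m.group(3), "missing": m.group(4) is not None})
    return ie_values, bhos


def triage(log_text):
    """Return (label, reason, detail) findings for entries worth a closer look."""
    ie_values, bhos = parse(log_text)
    res_dlls = {}  # lower-cased DLL path -> IE values that point into it
    for v in ie_values:
        m = RES_DLL.search(v["data"])
        if m:
            res_dlls.setdefault(m.group(1).lower(), []).append(
                v["key"] + "," + v["name"])
    findings = []
    for dll, values in sorted(res_dlls.items()):
        findings.append(("review", "IE values load a page from a DLL resource",
                         "%s <- %d value(s)" % (dll, len(values))))
    for b in bhos:
        if b["path"].lower() in res_dlls:
            # The same file is both the search page and a browser add-on.
            findings.append(("high", "BHO loads the DLL the IE values point at",
                             "%s %s" % (b["clsid"], b["path"])))
        elif b["missing"]:
            findings.append(("review", "BHO registered but its file is missing",
                             "%s %s" % (b["clsid"], b["path"])))
    return findings


if __name__ == "__main__":
    for label, reason, detail in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (label, reason, detail))
```

A match only narrows down what to look at; whether an entry should be fixed still needs the kind of manual review the replies in this thread carry out.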
Thanks again
http://www.short-media.com/forum/showthread.php?t=13743
Because you are running Windows XP, make sure to read the post about the correct file paths for XP.
Let us know if that helped you.
Dexter...
wuauclt.exe looks like trojan/cult-b see => http://www.sophos.com/virusinfo/analyses/trojcultb.html
Definitely run CWShredder, ad-aware, and spybot s&d. Make sure virus protection is up to date.
I would run CWShredder both in normal mode and safe mode.
I seem to have got rid of the about:blank homepage and I'm gonna try to run Ad-Aware and S&D now.
I could not find wuauclt in my registry, so I'm gonna see if both programs will pick it up.
Thanks again guys
Did you get rid of about:blank using the technique I linked you?
Please let us know so that we can confirm that this fix is helping others, too, so that we know we are giving good advice.
Dexter...
One of the other topics you posted in
Also there's some other stuff here
http://www.daniweb.com/techtalkforums/showthread.php?t=5160
Stoopid about blank
I'll have to try some other stuff
You still having about:blank problems, or did you get it fixed?
I will try to help if you are still having problems, but my Windows XP knowledge is limited. I can probably point to some links for possible solutions.
Jim
That would be great
I looked at the Win 98 one but it didn't help as much.
Some links or something would be great coz I've been searching non-stop for some solutions but none work properly.
I seem to get rid of it for about a day then it comes back
Thanks again
Next, check out this link => http://www.spywareinfo.com/forums/index.php?showtopic=43492&st=0
There is a hidden reloader that must be eliminated.
aim.exe 2464 C:\Program Files\AIM95\aim.exe AOL Instant Messenger 5.1.3036. Copyright © 1996-2002 America Online, Inc.
ccApp.exe 2452 C:\Program Files\Common Files\Symantec Shared\ccApp.exe Common Client User Session 2.1.1.700. Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
ccEvtMgr.exe 1040 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Common Client Event Manager Service 2.1.1.700. Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
ccProxy.exe 1504 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Common Client Network Proxy Service 2.1.2.800. Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
ccSetMgr.exe 1008 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Common Client Settings Manager Service 2.1.1.700. Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
csrss.exe 468 C:\WINDOWS\system32\csrss.exe Client Server Runtime Process 5.1.2600.0. © Microsoft Corporation. All rights reserved.
eEBSVC.exe 1316 C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe eEBSVC.exe
Explorer.EXE 2140 C:\WINDOWS\Explorer.EXE Windows Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
GEARSEC.EXE 1636 C:\WINDOWS\System32\GEARSEC.EXE gearsec 1, 0, 0, 3. Copyright © 2001 GEAR Software
ICQLite.exe 2228 C:\Program Files\ICQLite\ICQLite.exe ICQLite 1, 0, 0. Copyright (C) 2002
iexplore.exe 2332 C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
iexplore.exe 2348 C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
lsass.exe 564 C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
msmsgs.exe 4092 C:\Program Files\Messenger\msmsgs.exe Messenger Version 4.7. Copyright (c) Microsoft Corporation 1997-2003
msnmsgr.exe 2480 C:\Program Files\MSN Messenger\msnmsgr.exe Messenger Version 6.1. Copyright (c) Microsoft Corporation 1997-2003
MsPMSPSv.exe 168 C:\WINDOWS\System32\MsPMSPSv.exe WMDM PMSP Service 7.01.00.3055. Copyright (C) Microsoft Corp. 1981-2000
navapsvc.exe 1688 C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe Norton AntiVirus Auto-Protect Service 10.00.2. Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
nvsvc32.exe 1740 C:\WINDOWS\System32\nvsvc32.exe NVIDIA Driver Helper Service, Version 41.09 6.13.10.4109. (C) NVIDIA Corporation. All rights reserved.
PrcView.exe 2028 C:\Documents and Settings\Declan\Desktop\PrcView\PrcView.exe Process Viewer Application 3.7.2.5. Developed by Igor Nys, 1995-2002
qttask.exe 2240 C:\Program Files\QuickTime\qttask.exe QuickTime QuickTime 6.5.1. © Apple Computer, Inc. 2001-2004
SAgent2.exe 1564 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe EPSON Printer Status Agent 1, 0, 0, 0. Copyright (C) SEIKO EPSON CORP. 2000-2001
SAVScan.exe 1776 C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe Symantec AntiVirus Scanner 9.2. Copyright (c) 2003 Symantec Corporation
services.exe 552 C:\WINDOWS\system32\services.exe Services and Controller app 5.1.2600.0. © Microsoft Corporation. All rights reserved.
smss.exe 404 C:\WINDOWS\System32\smss.exe Windows NT Session Manager 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
SNDSrvc.exe 1876 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Network Driver Service 5.3. Copyright 2002, 2003 Symantec Corporation
SOUNDMAN.EXE 2264 C:\WINDOWS\SOUNDMAN.EXE Avance Sound Manager 5.0.10. Copyright (c) 2001-2002 Avance Logic, Inc.
spoolsv.exe 1208 C:\WINDOWS\system32\spoolsv.exe Spooler SubSystem App 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 764 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 816 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 928 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 960 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 1944 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
symlcsvc.exe 1964 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Symantec Core Component 1, 8, 48, 79. Copyright (C) 2003
usbtapnp.exe 2248 C:\WINDOWS\System32\usbtapnp.exe ISDN TA PnP Indicator Version 1.01. Copyright © 1999 - 2000
winampa.exe 2220 C:\Program Files\Winamp\winampa.exe winampa.exe
winlogon.exe 496 C:\WINDOWS\system32\winlogon.exe Windows NT Logon Application 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
1. Be sure to have at least 1 Internet Explorer window open, then double click on the runme.bat.
2. Select option '2' from the menu.
3. Notepad will open with a log in it.
Also post a log from option '1'
Should look like this:
Option 1:
Module information for 'EXPLORER.EXE'
MODULE BASE SIZE PATH
SDHELPER.DLL 16e0000 765952 C:\OTHER PROGRAMS\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL 1, 3, 0, 12 Bad download blocker
OLEPRO32.DLL 5f300000 167936 C:\WINDOWS\SYSTEM\OLEPRO32.DLL 5.0.4518
PFIM80EN.DLL 34520000 36864 C:\COREL\SUITE8\PROGRAMS\PFIM80EN.DLL 8.0.0.225 PerfectFit QuickFinder Indexing Language Resource
RASAPI32.DLL 7f8d0000 196608 C:\WINDOWS\SYSTEM\RASAPI32.DLL 4.10.1998 Dial-Up Networking Dynamic Linked Library
* * * * *
* * * * *
Option 2:
Module information for 'IEXPLORE.EXE'
MODULE BASE SIZE PATH
IMGUTIL.DLL 70510000 40960 C:\WINDOWS\SYSTEM\IMGUTIL.DLL
DXTMSFT.DLL 35cb0000 364544 C:\WINDOWS\SYSTEM\DXTMSFT.DLL
DDRAWEX.DLL 65000000 36864 C:\WINDOWS\SYSTEM\DDRAWEX.DLL
DDRAW.DLL baaa0000 389120 C:\WINDOWS\SYSTEM\DDRAW.DLL
NTDLL.DLL bfee0000 20480 C:\WINDOWS\SYSTEM\NTDLL.DLL
* * * * *
* * * * *
Did you download PrcView?
If not, click here for the download => http://www.spywareinfo.com/~merijn/files/pv.zip
When you unzip the file, it should produce a folder named "pv"
In that folder, there should be about eight items, including "runme" and "runme9x" (the "bat" extension may or may not be shown depending on your settings). Double click "runme" for Windows XP. Make sure an IE window is open and choose option 1, then option 2. Please post both logs.
Farley,
I found this link on the site you posted above.
I applied the dllfix script, that the guy created, to a Windows XP Home machine and it seems to have fixed the problem.
Edit... Something strange also happened after that as well. The system couldn't boot because of a bad driver called iesprts.sys (I think was the name). If you have a similar problem just go into safe mode and delete that sys file, and you should be able to get back into windows normally.