#1
Hi Dave,
I see the New Thread button now....sorry, I must have been in panic mode right now! Do you think the malware/ spyware/ whatever ware affects Outlook as well (cannot send/ receive emails and takes too long, then crashes) and also cannot open webpages (error, must be closed kinda thing). What should I delete from the logfile? Thx & God bless.
#2
Please post the log file here.
__________________
My System: Hybr!d
#3
Hi Dave,
This is for the comp that has the Outlook problem...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.3721.com/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SideStep Browser Helper - {08351227-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: 3721CMail - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - C:\PROGRA~1\3721\Ces\cesweb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A1626E66-B26B-C628-A1DF-BDACCFA26EE1} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: (no name) - {D7515C61-A66C-4319-A0E0-D416CB8059E3} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: (no name) - {E3616E66-C13B-2628-2CDF-EDABCFA235E1} - C:\Program Files\Common Files\Relive.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [ztsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\ztso.exe
O4 - HKLM\..\Run: [mhsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\mhso.exe
O4 - HKLM\..\Run: [fysa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\fyso.exe
O4 - HKLM\..\Run: [jtsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\jtso.exe
O4 - HKLM\..\Run: [wlsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wlso.exe
O4 - HKLM\..\Run: [wgsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wgso.exe
O4 - HKLM\..\Run: [wmsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wmso.exe
O4 - HKLM\..\Run: [qjsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\qjso.exe
O4 - HKLM\..\Run: [rxsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\rxso.exe
O4 - HKLM\..\Run: [wdsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wdso.exe
O4 - HKLM\..\Run: [tlsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\tlso.exe
O4 - HKLM\..\Run: [dasa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\daso.exe
O4 - HKLM\..\Run: [zxsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\zxso.exe
O4 - HKLM\..\Run: [aslkgadlkgsl1] C:\WINDOWS\system32\oigdfgdfl1.exe
O4 - HKLM\..\Run: [asgfdjs2] C:\WINDOWS\system32\vbsdaas2.exe
O4 - HKLM\..\Run: [askasdkcl3] C:\WINDOWS\system32\faskflxld3.exe
O4 - HKLM\..\Run: [asfkafsk4] C:\WINDOWS\system32\fdaolfdos4.exe
O4 - HKLM\..\Run: [sakdasksd5] C:\WINDOWS\system32\eksdlfs5.exe
O4 - HKLM\..\Run: [daskaskfsak6] C:\WINDOWS\system32\dsfids6.exe
O4 - HKLM\..\Run: [xcxdsaa7] C:\WINDOWS\system32\slcskxsdl7.exe
O4 - HKLM\..\Run: [afskfask8] C:\WINDOWS\system32\fsfjasj8.exe
O4 - HKLM\..\Run: [akgkagaksad9] C:\WINDOWS\system32\fsakfask9.exe
O4 - HKLM\..\Run: [xzkadsfk10] C:\WINDOWS\system32\afslkfasl10.exe
O4 - HKLM\..\Run: [faslkakj11] C:\WINDOWS\system32\kjgagklj11.exe
O4 - HKLM\..\Run: [gadkgak12] C:\WINDOWS\system32\fsafsakx12.exe
O4 - HKLM\..\Run: [asdsaxcxz13] C:\WINDOWS\system32\dasxcsx13.exe
O4 - HKLM\..\Run: [dsadlsa14] C:\WINDOWS\system32\dsakfsak14.exe
O4 - HKLM\..\Run: [daskgfkkcx15] C:\WINDOWS\system32\dasdsaads15.exe
O4 - HKLM\..\Run: [sakdasj6ksd5] C:\WINDOWS\system32\e656lklfs5.exe
O4 - HKLM\..\Run: [apadslasla13] C:\WINDOWS\system32\alsdlaslx13.exe
O4 - HKLM\..\Run: [gajklgasjlkga] C:\WINDOWS\system32\aglajgkd16.exe
O4 - HKLM\..\Run: [AVPMH] C:\WINDOWS\system32\AVPMH.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\Program Files\Internet Explorer\RAVQJMON.exe
O4 - HKLM\..\Run: [RAVZTMON] C:\Program Files\Internet Explorer\RAVZTMON.exe
O4 - HKLM\..\Run: [AVPZX] C:\WINDOWS\Fonts\AVPZX.exe
O4 - HKLM\..\Run: [AVPDH] C:\WINDOWS\system32\AVPDH.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [AVPWD] C:\WINDOWS\system32\AVPWD.exe
O4 - HKLM\..\Run: [AVPWL] C:\WINDOWS\system32\AVPWL.exe
O4 - HKLM\..\Run: [RAVJZMON] C:\Program Files\Internet Explorer\RAVJZMON.exe
O4 - HKLM\..\Run: [WinForm] C:\WINDOWS\WinForm.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [RAVWDMON] C:\Program Files\Internet Explorer\RAVWDMON.exe
O4 - HKLM\..\Run: [RAV00A0] C:\WINDOWS\system32\RAV00A0.exe
O4 - HKLM\..\Run: [RAVWLMON] C:\Program Files\Internet Explorer\RAVWLMON.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: 3721CMail - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://sterlingstone.dipmap.com:85/c...ecker_6100.cab
O16 - DPF: {538FDFF9-E76D-490A-96E6-DC5BE86E27CA} (Export.ctlExport) - http://intra.strongjewel.com/strong/.../prjExport.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094063150316
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.sidestep.com/get/k00719/sb027.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://sterlingstone.dipmap.com:85/c...dFile_6100.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?319
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: mydpri.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
#4
Hi Dave,
How come the logfile doesn't show here? Another comp is having problems with webpages...they all push me to the edge. I want to bury my head in the sand right now actually. Do I have to notify the admin why the logfile doesn't show up?
#5
Incomplete log.
#6
New users cannot post live links to combat spam.
I am the admin here, I have just validated the post. Also, calm down mate, these things take time and I'd advise doing one PC at a time. How many PCs do you have?
#7
Hi evilFantasy,
Finally the logfile showed up...what do you mean incomplete? That's from the HJT logfile....the problem is with Outlook (cannot receive/ send emails, very very long, then crash). The other comp's problem is with opening webpages (error, program must be closed). Thx so much, please let me know what to do....
#8
O sorry Dave,
It's because they call me up & down the stairs....one problem after another, I just got here (for God's sake). Well, I think there are about 12, maybe 3 more, but the network is not stable, so I could not see all of them right now. Thx a bunch guys, my fingers r sweating a bit.
#9
12 PCs?
Yikes. Looks like you have a few busy days EF! On another note feel free to make a donation. This site is primarily intended to help the standalone home user, not big business. Fixing 12 machines is pushing it a bit.
#10
The log is missing the top part. It should start with Logfile of Trend Micro HijackThis v2.0.2
Also, HijackThis (HJT) logs are a tool to help identify potential problems. It is not a cure for spyware and viruses. Simply deleting the entries is the first step in getting rid of the problem. Your other two posts are not completed and the problems are likely to come right back unless followed through with additional instruction. I understand you're at work and time is at a premium. But unless all steps are followed through the problems will continue.
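An added example, not part of this thread and not HijackThis code: a small Python triage script for the text format HJT writes (one entry per line, such as `O4 - HKLM\..\Run: [name] target`). It checks the two points raised in the thread: whether the pasted log still carries the header line quoted in #10, and which entries from the log in #3 a helper would look at first (run keys launching from a Temp directory or with no path at all, browser helper objects with no name, a Winsock LSP file HJT does not recognise, and a populated AppInit_DLLs value). The sample entries are copied from that log; the header line is the one quoted in #10; the regexes and the set of heuristics are my own assumptions for illustration, not HJT's internal rules.

```python
r"""Added example: triage heuristics for a HijackThis (HJT) log.

Not HijackThis code and not from the thread above. It parses the text
format HJT produces ("O4 - HKLM\..\Run: [name] target", one entry per
line) and flags the kinds of entries a helper would look at first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# First line HJT writes; the admin in #10 notes a log should start with it.
HJT_HEADER = "Logfile of Trend Micro HijackThis"

# Constructed sample: the header plus entries copied from the log in #3.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A1626E66-B26B-C628-A1DF-BDACCFA26EE1} - C:\Program Files\Common Files\Relive.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\woso.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O20 - AppInit_DLLs: mydpri.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Assumed shapes of the lines (my reading of the format, not HJT's spec).
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str   # HJT section, e.g. "O4"
    body: str   # everything after "O4 - "


def is_complete(text: str) -> bool:
    """True when the log still begins with the header line HJT writes."""
    return text.lstrip().startswith(HJT_HEADER)


def parse_log(text: str) -> list[Entry]:
    """Split an HJT log into entries; header and blank lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m["code"], m["body"]))
    return out


def run_target(body: str) -> str | None:
    """Return the launched command of an O4 registry Run entry, else None."""
    m = RUN_RE.match(body)
    return m["target"].strip('"') if m else None


def triage(text: str) -> list[tuple[str, str]]:
    """Return (reason, entry body) pairs for entries worth a closer look.

    These are heuristics a human reviewer then checks, not verdicts.
    """
    findings = []
    for e in parse_log(text):
        if e.code == "O4":
            target = run_target(e.body)
            if target is None:
                continue          # Global Startup and similar forms: skipped here
            if "\\" not in target:
                # Bare file name: the log alone cannot say which file runs,
                # because Windows resolves it through the search path.
                findings.append(("run key target has no path", e.body))
            elif TEMP_RE.search(target):
                findings.append(("run key target lives in a Temp directory", e.body))
        elif e.code == "O2" and e.body.startswith("BHO: (no name)"):
            findings.append(("browser helper object with no name", e.body))
        elif e.code == "O10":
            findings.append(("Winsock LSP file HJT does not recognise", e.body))
        elif e.code == "O20" and e.body.startswith("AppInit_DLLs: "):
            findings.append(("DLL loaded into every process via AppInit_DLLs", e.body))
    return findings


if __name__ == "__main__":
    print("header present:", is_complete(SAMPLE_LOG))
    for reason, body in triage(SAMPLE_LOG):
        print(f"{reason:48s} {body}")
```

Run it as a script to see the five flagged entries from the sample; feed `triage()` a full log pasted from a forum post to get the same list for that machine. The point of `is_complete()` is the one made in #10: a log without its header has been cut off, and the missing lines are where HJT records the platform and browser versions a helper relies on.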