RUNDLL error "cnmss"

Solved
dacodac Posted messages 20 Status Member -  
 zut80 -
Hello
I have an error message when opening WXP:
"RUNDLL loading error from C:\DOCUME~1\PROPRI~1\cnmss"
It seems to be related to a Canon peripheral, probably the printer.
I have reinstalled the driver without success.
Any ideas?
Thank you
Kudos for your site and forum which have often helped me, but this time I can't find anything
Got it
Configuration: Windows XP Internet Explorer 7.0 Canon Pixma IP1600 printer Canon Lide35 scanner

13 replies

lance_yien Posted messages 2771 Registration date   Status Contributor 257
 
Hello,

No visible trace of this process!
We will need to do some cleaning,
BUT FIRST:
1°) Clearly, you do not have an active firewall,
you can install "kerio" which you will find in "utilities" on my personal site
2°) ((a note: second to last line iPod service? I don't have an iPod))
in that case, check in "add & remove programs" if it is there, in which case you can uninstall it,
otherwise, go to "start" > "run" > type: msconfig > ok
in the window that opens, click on "services",
look for the line corresponding to "Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe" and uncheck the corresponding box.
> ok > restart.
on return, check the box "don't show again..." > ok.
delete the folder located here (in bold): C:\Program Files\iPod

3°) return to my personal site and follow the complete procedure for "disinfect-clean."

4°) refer to the hijackthis download link to "fix" these lines if they reappear:
BUT BE CAREFUL: the two "O6" are just in case you didn't set this restriction on your machine

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://scpddmp.dnsalias.net/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.girafoto.fr/XUpload.ocx
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


>>>> keep us informed of the final result

see you later

--

**(show me the way and I will find the path all by myself.)**
1
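Added example, not part of the original thread: in the HijackThis log posted in this discussion, some entries carry the tool's "(no file)" or "(file missing)" marker, and the two avast! services are marked "(file missing)" even though their executables appear under "Running processes". The Python sketch below pulls the marked entries out of such a log and cross-checks them against the running-process list; the sample is constructed from lines of that log, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: Festoon - (no CLSID) - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Section code (R0, O2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([ORF]\d{1,2}) - (.*)$")
# First drive-letter path ending in .exe or .dll, stopping before any quote.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)
MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return (set of running process paths, list of (section, body))."""
    running, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:  # blank lines occur inside the list
            running.add(line.lower())
    return running, entries


def orphaned_entries(text):
    """List entries the log marks as having no file behind them.

    'running' is True when the file named in the entry is also listed under
    'Running processes', i.e. the marker contradicts the log itself and the
    entry needs a manual look before anything is fixed.
    """
    running, entries = parse_log(text)
    findings = []
    for section, body in entries:
        marker = next((m for m in MARKERS if body.endswith(m)), None)
        if marker is None:
            continue
        target = body[: -len(marker)].strip()
        path = PATH_RE.search(target)
        contradicted = path is not None and path.group(1).lower() in running
        findings.append({"section": section, "marker": marker,
                         "entry": target, "running": contradicted})
    return findings


if __name__ == "__main__":
    for f in orphaned_entries(SAMPLE_LOG):
        note = "  <-- listed as running, check by hand" if f["running"] else ""
        print(f'{f["section"]:>3} {f["marker"]:<15} {f["entry"]}{note}')
```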
lance_yien Posted messages 2771 Registration date   Status Contributor 257
 
Hello,

why not "National Military Social Security Fund" :)

click on my name at the top of this message and then on the link to the personal site,
in the window that opens (add it to your bookmarks, you might need it :)
choose "utilities" to install "hijackthis" and post a scan report

see you soon ;)

--

**(show me the way and I'll find the path on my own.)**
0
dacodac Posted messages 20 Status Member 2
 
thank you for proposing it
here it is

Logfile of HijackThis v1.99.1
Scan saved at 23:18:18, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberad.com/_index.asp?lg=fr&dem=1&font=1&word=DoDaCo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Canon IJ Status Monitor Canon iP1600.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add to print list - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Quick print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe
O9 - Extra button: Create a mobile device favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menu item: Create a mobile device favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://scpddmp.dnsalias.net/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://techgenix.com/security/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.girafoto.fr/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{33896666-C211-4635-B1BA-8CE3241AD679}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{775D14F0-4EE9-4742-8D3A-ADE7640D66C6}: NameServer = 192.168.2.1
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe

one remark: second to last line iPod service? I don't have an iPod
See you
got it
0
dacodac Posted messages 20 Status Member 2
 
Thank you for your response
I'll do it as soon as possible
See you later
Got it
0
lance_yien Posted messages 2771 Registration date   Status Contributor 257
 
It's all good :)
good luck!

--

**(show me the way and I'll find my own path.)**
0
dacodac Posted messages 20 Status Member 2
 
Good evening
here's where I stand:
1/ the XP firewall is indeed activated
2/ no trace of the iPod service, neither in add-remove programs nor in the "startup" tab of msconfig.
However, in this tab, I found a line with my original error message that was checked and I unchecked it; since then it has disappeared.
3/ I still ran Ad-Fix and here is the report

Ad-Fix v0.101a
by gchris

OPTION 1 (Scan) :

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Started at:

14:00:34,75 27/04/2007

Executed from:

C:\Documents and Settings\Owner\Desktop\Ad-Fix\Ad-Fix

OS:

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Searching for missing files

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hidden files (not necessarily harmful)

.exe in System32:

No matches found.

.dll in System32:

C:\WINDOWS\SYSTEM32\
cncs32.dll Thu 13 Mar 2003 12:06:14 A..H. 171 520 167.50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 171 520 bytes 167.50 K

.dat in System32:

C:\WINDOWS\SYSTEM32\
zllictbl.dat Fri 4 Feb 2005 15:08:44 ...H. 4 212 4.11 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\APPLIC~1\MICROS~1\WINDOWS\
usrclass.dat Sun 16 Jan 2005 16:19:58 A..H. 262 144 256.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 266 356 bytes 260.11 K

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Analyzing the registry

---------- USER AGENT -- POST PLATFORM

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"Avant Browser"="IEAK"

----------

---------- AppInit_DLLs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="\"C:\\PROGRA~1\\Google\\Google Desktop Search\\GoogleDesktopNetwork3.dll\""
"LoadAppInit_DLLs"=dword:00000001

----------
HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908} Detected!
HKLM\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908} Detected!

Complete!

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Searching for files and folders

C:\StubInstaller.exe Detected!

C:\WINDOWS\Downloaded Program Files\CONFLICT.? Detected!
C:\WINDOWS\Downloaded Program Files\CONFLICT.?? Detected!
C:\WINDOWS\Downloaded Program Files\setup.inf Detected!
C:\WINDOWS\ieuninst.exe Detected!
C:\WINDOWS\Q330994.exe Detected!

C:\Progra~1\*.dat Detected!
C:\Progra~1\Media Detected!

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Finished at 14:03:27,09

for the rest of the cleaning, I ran spybot which detected two spyware that I put in quarantine
the first named Microsoft WindowsSecurityCenter_disabled
and the second GuardianMonitor.

For what's next I will have a big problem
every attempt to boot in safe mode ends in a complete freeze with a black screen on my flat screen. However, it works with my old CRT monitor?!?! If you have an explanation I'm all ears
thanks again for the time you dedicate to online support
Sincerely
dacodac
0
lance_yien Posted messages 2771 Registration date   Status Contributor 257
 
Hello,

use the working screen for now, we're finishing the cleaning:

* restart ad-fix and execute option "2"
* click here to do an online scan http://komun.chez-alice.fr/Utilitaires.html#scan_avec_bitdefender and post the generated report
see you later

--

**(show me the way and I'll find the path by myself.)**
0
dacodac Posted messages 20 Status Member 2
 
hello
I have made progress in the process
here is the FixNavi report
Search Navipromo version 1.1.5 started on 30/04/2007 at 16:51:53,32

!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the disinfection part without the advice of a specialist!!!

Fix launched from C:\Program Files\NaviFix
Updated on 13.04.2007 at 20:00 by IL-MAFIOSO

Executed in normal mode

*** Searching installed programs ***

*** Searching directories in C:\WINDOWS ***

*** Searching directories in C:\Program Files ***

*** Searching directories in C:\Documents and Settings\All Users\Application Data ***

*** Searching directories in C:\Documents and Settings\Owner\Application Data ***

*** Scanning with BlackLight Engine/F-secure ***
BlackLight Engine is a product of F-secure, for more info:
https://www.f-secure.com/en

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 04/30/07 at 16:51:54.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .........................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 04/30/07 at 17:06:30 (return code = 0).

*** Searching files ***

*** Searching registry keys ***

Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Searching Key Magic Control

*** Additional Search Module ***
(Searching specific files)

1) Searching known files:

2) Heuristic Search:
*
**
***
****
*****
******
*******
********

*** Analysis Completed on 30/04/2007 at 17:08:32,07 ***

and here is the one from AdFix (choice 2)

Ad-Fix v0.101a
by gchris

OPTION 2 (Fix) :

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Started at :

16:38:35,56 30/04/2007
in normal mode

Executed from :

C:\Documents and Settings\Owner\Desktop\System Tools\Ad-Fix

OS :

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Searching for missing files

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Cleaning the registry

HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908} Deleted!

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deleting files

C:\StubInstaller.exe Deleted!
C:\Progra~1\*.dat Deleted!
C:\WINDOWS\Downloaded Program Files\setup.inf Deleted!
C:\WINDOWS\ieuninst.exe Deleted!
C:\WINDOWS\Q330994.exe Deleted!
C:\Progra~1\Media Deleted!
Failed to delete: C:\WINDOWS\Downloaded Program Files\CONFLICT.?
Failed to delete: C:\WINDOWS\Downloaded Program Files\CONFLICT.??

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Completed at 16:44:53,65

Restart completed

C:\WINDOWS\Downloaded Program Files\CONFLICT.? Deleted on restart!
C:\WINDOWS\Downloaded Program Files\CONFLICT.?? Deleted on restart!

regarding the BitDefender scan it detected that the file "C:\WINDOWS\system32\activescan\pskahk.dll" was infected with Generic.Malware.SIMDWNYVdpm51496DA0
and it deleted it

as for the safe mode part I am working on it
thank you for your help
dacodac
0
lance_yien Posted messages 2771 Registration date   Status Contributor 257
 
Good evening,

how's it going

for ad-fix and navifix it's all good so no need to use them again

good luck!

--

**(show me the way and I'll find my own path.)**
0
dacodac Posted messages 20 Status Member 2
 
well, it's ok
I've followed your protocol to the letter
below is the BitDefender and NaviFix report (AdFix found nothing)

BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, May 01, 2007 - 09:40:11

Scan Info
Scanned Files 963994
Infected Files 2

Virus Detected
Win32.Radix.B@mm 2

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.

---------------------------------------------------------------------------

Ad-Fix v0.101a
by gchris

OPTION 2 (Fix) :

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Started at:

14:43:00,06 01/05/2007
in safe mode

Executed from:

C:\Documents and Settings\Owner\Desktop\System Tools\Ad-Fix

OS:

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Searching for missing files

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Cleaning the registry

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Deleted!

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deleting files

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Completed at 15:41:32,85

Reboot performed

there you go
the problem of the black screen in safe mode remains to be resolved,
I will make a new post on this subject
thanks again
got it
0
dacodac Posted messages 20 Status Member 2
 
Hi lance_yien
I haven't had a response to my last message
Is everything okay?
--
Got it
Blanquefort 33
0
lance_yien Posted messages 2771 Registration date   Status Contributor 257
 
Hello dacodac,

I'm sorry, I must have missed your last post
yes, it's all good for me if it's okay on your end too
regarding your screen, it's a good idea (I don't know what to suggest on my side)

good luck

--

**(show me the direction and I will find my way on my own.)**
0
zut80
 
Hello,
I apologize for revisiting this closed discussion, but I encounter this message every time I boot my PC,
an HP Media Center running Vista Professional with Firefox.
I searched thoroughly on Copernic, and the only link I found directed me to you. Could you help me resolve it?
Thank you in advance
Pierre
0