[need hjt checked] -
need hjt checked
Discuss need hjt checked
Posted by: greg0r
any help would be appreciated
thanks in advance
-greg0r
Logfile of HijackThis v1.99.1
Scan saved at 11:20:02 PM, on 5/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Brenda\Desktop\hjt\HijackThis.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Steven\LOCALS~1\Temp\ICD2.tmp\svcmm32.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - [url]http://pubgis.co.pinellas.fl.us/ActiveX/ver6/mgaxctrl.cab[/url]
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - [url]http://64.124.45.181/chaincast/proxy/CCMP.cab[/url]
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - [url]http://tpanet.interealty.com/TPA/cab/IRCSharc.cab[/url]
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
Posted by: Lobos
Hi greg0r
Download [url=http://www.cexx.org/lspfix.htm ]LSPFix[/url] and unzip to your desktop, then run it. Now, we need to:
1. check(tick) "[b][i]I know what i'm doing[/i][/b]".
2. click on (highlight) each occurance of the following, one at a time:
[color=#ff0000][b]flsmngr.dll[/b][/color]
3. then click "[b][i]>>[/i][/b]", mo'ing each one, individually, to the 'Remove' pane.
4. [color=#ff0000][i](double-check, and make sure that only the above files are in the 'Remove'pane.)[/i][/color]
5. click "[b][i]Finish >>[/i][/b]"
===============
Locate and [color=#ff0000][i]delete the following item(s)[/i][/color], if present. Make sure your able to view system and hidden files/ folders:
[i]files...[/i]
[b]c:\windows\system32\[color=#ff0000]flsmngr.dll[/color][/b]
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're '[i]in use[/i]', try deleting them from "[url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam]Safe Mode[/url]".
===============
Post back a new log, and let me know how everything goes.
-
Lobos.
Posted by: Warez Monster
Remove entries at your own risk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about :blank This page could possibly be nasty. If you do not know the entry 'about :blank', delete it.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll Entries found in this registry zone are potentially nasty. This application ([FDD3B846-8D59-4ffb-8758-209B6AD74ACC] - Result: FDD3B846-8D59-4ffb-8758-209B6AD74ACC) has been checked Must be fixed!
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Steven\LOCALS~1\Temp\ICD2.tmp\svcmm32.exe" /startup Ouchvideo.com 'n-Lite' spyware Must be fixed!
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org. Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org. Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org. Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org