 |  |  |  |  |  |  |  |
Winsock.scr error when starting windows
 |
I think after installing the patch for football manager i made a mess o my computer. I´m receiving an error messegge when i start windows and the system is slowing down. As i don´t know what to delete please I need somebodys help to know what to delete, my hijackthis logfile is the following.
Logfile of HijackThis v1.99.0
Scan saved at 04:10:06 p.m., on 15/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.exe
C:\TotalRecorder\TotRecSched.exe
C:\PestPatrol\PPControl.exe
C:\PestPatrol\PPMemCheck.exe
C:\PestPatrol\CookiePatrol.exe
C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe
C:\windows\system32\srvany.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\system32\resetservice.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] C:\Kaspersky Anti-Virus\kav.exe /minimize
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe"
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...9f92c372c739a3
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105813478539
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\windows\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\windows\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Anti-Virus\kavsvc.exe
O23 - Service: DDE de red - Unknown - C:\windows\system32\netdde.exe
O23 - Service: Plug and Play - Unknown - C:\windows\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown - C:\windows\system32\srvany.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\windows\System32\vssvc.exe
Thanks for your help
Marcos from Buenos Aires (Argentina)
Logfile of HijackThis v1.99.0
Scan saved at 04:10:06 p.m., on 15/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.exe
C:\TotalRecorder\TotRecSched.exe
C:\PestPatrol\PPControl.exe
C:\PestPatrol\PPMemCheck.exe
C:\PestPatrol\CookiePatrol.exe
C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe
C:\windows\system32\srvany.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\system32\resetservice.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] C:\Kaspersky Anti-Virus\kav.exe /minimize
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe"
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...9f92c372c739a3
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105813478539
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\windows\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\windows\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Anti-Virus\kavsvc.exe
O23 - Service: DDE de red - Unknown - C:\windows\system32\netdde.exe
O23 - Service: Plug and Play - Unknown - C:\windows\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown - C:\windows\system32\srvany.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\windows\System32\vssvc.exe
Thanks for your help
Marcos from Buenos Aires (Argentina)
Sorry mi logfile is the following:
Logfile of HijackThis v1.99.0
Scan saved at 07:25:57 p.m., on 15/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.exe
C:\TotalRecorder\TotRecSched.exe
C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\windows\system32\srvany.exe
C:\windows\system32\resetservice.exe
C:\windows\system32\tcpsvcs.exe
C:\windows\system32\wuauclt.exe
C:\eMule\emule.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Kaspersky Anti-Virus\kav.exe /minimize
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [PPMemCheck] C:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe"
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...9f92c372c739a3
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105813478539
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\windows\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\windows\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Anti-Virus\kavsvc.exe
O23 - Service: Plug and Play - Unknown - C:\windows\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown - C:\windows\system32\srvany.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\windows\System32\vssvc.exe
Logfile of HijackThis v1.99.0
Scan saved at 07:25:57 p.m., on 15/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.exe
C:\TotalRecorder\TotRecSched.exe
C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\windows\system32\srvany.exe
C:\windows\system32\resetservice.exe
C:\windows\system32\tcpsvcs.exe
C:\windows\system32\wuauclt.exe
C:\eMule\emule.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Kaspersky Anti-Virus\kav.exe /minimize
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [PPMemCheck] C:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe"
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...9f92c372c739a3
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105813478539
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\windows\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\windows\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Anti-Virus\kavsvc.exe
O23 - Service: Plug and Play - Unknown - C:\windows\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown - C:\windows\system32\srvany.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\windows\System32\vssvc.exe
•
•
Join Date: Feb 2004
Posts: 9,988
Reputation: 
Solved Threads: 755
Download the Pocket KillBox
Unzip the file to your desktop.
Run Pocket Killbox and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).
C:\WINDOWS\System32\svcnet.exe
C:\WINDOWS\dxsetu.exe
c:\windows\winsock.scr
c:\windows\dxsetu.exe
c:\windows\system32\winlog.com
c:\windows\system32\dxwinex.exe
Reboot afterwards if the files are successfully deleted.
If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.
Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...99f92c372c739a3
Blazefind Windupdates Adware
Reboot again and post another log.
Unzip the file to your desktop.
Run Pocket Killbox and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).
C:\WINDOWS\System32\svcnet.exe
C:\WINDOWS\dxsetu.exe
c:\windows\winsock.scr
c:\windows\dxsetu.exe
c:\windows\system32\winlog.com
c:\windows\system32\dxwinex.exe
Reboot afterwards if the files are successfully deleted.
If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.
Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...99f92c372c739a3
Blazefind Windupdates Adware
Reboot again and post another log.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
To begin with, thank you for your help and sorry for my English.
When i tried to delete the files with kill box, the prg told me that those files didnt existed in my system. Could that be because i run the antivirus and deletes some files?
After that i did waht you told me with hijackthis and it was ok. My new logfile is:
Logfile of HijackThis v1.99.0
Scan saved at 11:20:04 p.m., on 16/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\TotalRecorder\TotRecSched.exe
C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe
C:\windows\system32\srvany.exe
C:\windows\system32\resetservice.exe
C:\windows\system32\tcpsvcs.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Kaspersky Anti-Virus\kav.exe /minimize
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe"
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105813478539
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\windows\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\windows\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Anti-Virus\kavsvc.exe
O23 - Service: Plug and Play - Unknown - C:\windows\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown - C:\windows\system32\srvany.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\windows\System32\vssvc.exe
And if is not a problem i would like to know if you know how to solve the following problem: when my machine starts i recieve a messege under DOS? saying: "invalid boot.ini file sarting system from c:windows". After that windows starts normally but i dont know if that may slow down the system. Thank you again
MArcos
When i tried to delete the files with kill box, the prg told me that those files didnt existed in my system. Could that be because i run the antivirus and deletes some files?
After that i did waht you told me with hijackthis and it was ok. My new logfile is:
Logfile of HijackThis v1.99.0
Scan saved at 11:20:04 p.m., on 16/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\TotalRecorder\TotRecSched.exe
C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe
C:\windows\system32\srvany.exe
C:\windows\system32\resetservice.exe
C:\windows\system32\tcpsvcs.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Kaspersky Anti-Virus\kav.exe /minimize
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Archivos de programa\Pop-Up Stopper\PopUpStopperProfessional.exe"
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105813478539
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\windows\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\windows\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Anti-Virus\kavsvc.exe
O23 - Service: Plug and Play - Unknown - C:\windows\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Reset 5 - Unknown - C:\windows\system32\srvany.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\windows\System32\vssvc.exe
And if is not a problem i would like to know if you know how to solve the following problem: when my machine starts i recieve a messege under DOS? saying: "invalid boot.ini file sarting system from c:windows". After that windows starts normally but i dont know if that may slow down the system. Thank you again
MArcos
|
Similar Threads
- winsock.scr error message on every start up (Viruses, Spyware and other Nasties)
- winsock.scr and op error/virus (Viruses, Spyware and other Nasties)
- winsock.scr error message on every start up (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Problems loading IE, and Windows Explorer
- Next Thread: Fake "Microsoft Windows Security Warning" & Browser Hijacks
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit fake fancheckvirus gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile parents patch phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect reliability report research risk rogueantivirus samhain sans school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war windows worm yahoo zeroday
