repair windows xp

  1. 13-06-2005  #1
    rose dunphy
    rose dunphy is offline Newbie

    Re: repair windows xp

    Logfile of HijackThis v1.99.1
    Scan saved at 454 PM, on 6/13/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Dunphy\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;<local>
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.93 _sip._tls.sip7.phoneserve.com
    O1 - Hosts: 62.189.6.93 _sip._ssl.sip7.phoneserve.com
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.108 _sip._tls.sip8.phoneserve.com
    O1 - Hosts: 62.189.6.108 _sip._ssl.sip8.phoneserve.com
    O1 - Hosts: 62.189.6.61 _sip._tls.sip17.phoneserve.com
    O1 - Hosts: 62.189.6.61 _sip._ssl.sip17.phoneserve.com
    O1 - Hosts: 62.189.6.62 _sip._tls.sip18.phoneserve.com
    O1 - Hosts: 62.189.6.62 _sip._ssl.sip18.phoneserve.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/re...s/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1118476758858
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Dr...Non_Member.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  2. 17-06-2005  #2
    jephree
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    After you get your log cleaned up please install SP2 & all subsequent Critical Updates.


    _______________________________
    Last edited by jephree; 17-06-2005 at 07:01 AM.
  3. 17-06-2005  #3
    HJThis
    HJThis is offline Senior Member
    Hello,rose dunphy & Welcome

    Well not much here but for these 2 items

    First move HijackThis to a folder in C:\Drive like so C:\HJT

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    Then close out HijackThis

    & can you tell us what is the problem you are having

    HGD
  4. 18-06-2005  #4
    Lea
    Lea is offline Newbie
    Hey hi...

    You can't help can you?
    I've deleted rundll32.exe and now I can't access any applications, can't do a system restore, run the windows xp disk, basically can't do sod all except get on the net?

    Everytime I go into start>run a dialog box pops up sayin " windows cannot open this file" It doesn't matter what adviose I've followed previously, it just don't work?

    Do I throw the bloody thing outta the window? lol
  5. 18-06-2005  #5
    HJThis
    HJThis is offline Senior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hi,Lea

    Well yes we can try to help you with this problem but
    let me say this next time you do this it would be best
    to let us know what the problem is first.

    now here is what i need you to do

    You can download it here (must have WinZip or similar to extract):
    http://www.spywareinfo.com/~merijn/f...undll32_xp.zip

    Extract to the folder it was deleted from, & with you that should
    be in C:\Windows\System32\

    now once you Extract the file install it do a reboot see how it is.

    let us know how it gos

    HGD
    Last edited by HJThis; 18-06-2005 at 08:01 PM.
+ Reply to Thread
« AVG trouble | READ PLEASE: HjThis Log »