Firefox has encountered an error...
-
Firefox has encountered an error...
Help! I have been recieving this annoing error message for a couple of weeks now. When I launch Firefox I get the error message:
firefox.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
I have even get this error when launching HiJack this!
I have ran spybot, ad-aware, msn spy sweeper, trojan hunter, kaspersky and a few others and I can't seem to kick this virus/spyware. Here is my hiJack log. Thanks for the help!
Logfile of HijackThis v1.99.1
Scan saved at 12:39:54 AM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\D-Tools\daemon.exe
D:\Programs\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programs\iTunes\iTunesHelper.exe
D:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programs\Webroot\Spy Sweeper\SpySweeper.exe
D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programs\TrojanHunter 4.6\THGuard.exe
D:\Programs\SecCopy\SecCopy.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programs\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Programs\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Programs\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dwwin.exe
D:\Programs\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
E:\_Programs\HiJack This\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {186C1D41-8C86-4F52-885C-E557D7FD4E1B} - C:\WINDOWS\system32\ssqrs.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programs\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programs\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [PCLEPCI] D:\Programs\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programs\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programs\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Programs\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [kav] "D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Programs\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [Second Copy] "D:\Programs\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Programs\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: cleantemp.bat
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programs\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis-web-fs.ci.grandjct.co.us/...s/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141544091421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141844924452
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programs\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programs\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Welcome,
Please download VundoFix to your desktop.
* Double-click VundoFix.exe to run it.
* Put a check next to "Run VundoFix as a task."
* You will receive a message saying vundofix will close and re-open in a minute or less. Click "OK".
* When VundoFix re-opens, click the "Scan for Vundo" button.
* Once it's done scanning, click the "Remove Vundo" button.
* If it says "No infected files were found", right-click the blank listbox (white box) in the main VundoFix window.
* Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window that says "Paste files into the boxes below:"
* In the top/first field, copy and paste the path to the dll:
C:\WINDOWS\system32\ssqrs.dll
* In the next/second field, copy and paste the path to the reversed file:
C:\WINDOWS\system32\srqss.*
* Click the "Add Files" button.
* Click the "Close Window" button.
* Click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click "YES".
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click "OK".
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.
-
Neal, Thank you so much! You are truly a savior, so far so good after running the vundofix it removed the files, I haven't had any problems yet with FF or popups! I'll cross my fingers! Thanks again for the help, and a BIG thanks for the quick response!
Here are my logs
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=
VundoFix V6.2.2
Checking Java version...
Sun Java not detected
Scan started at 11:58:00 AM 10/14/2006
Listing files found while scanning....
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\vvkpvoua.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vvkpvoua.dll
C:\WINDOWS\system32\vvkpvoua.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.dll Has been deleted!
Performing Repairs to the registry.
Done!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=
Logfile of HijackThis v1.99.1
Scan saved at 12:14:22 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\D-Tools\daemon.exe
D:\Programs\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programs\iTunes\iTunesHelper.exe
D:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programs\Webroot\Spy Sweeper\SpySweeper.exe
D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programs\TrojanHunter 4.6\THGuard.exe
D:\Programs\SecCopy\SecCopy.exe
D:\Programs\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
D:\Programs\Logitech\SetPoint\KEM.exe
D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programs\Logitech\SetPoint\KHALMNPR.EXE
D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Programs\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programs\Mozilla Firefox\firefox.exe
E:\_Programs\HiJack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {8E78D482-6F34-4C0A-87AF-498E272A421B} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programs\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programs\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [PCLEPCI] D:\Programs\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programs\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programs\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Programs\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [kav] "D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Programs\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [Second Copy] "D:\Programs\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Programs\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: cleantemp.bat
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programs\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis-web-fs.ci.grandjct.co.us/...s/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141544091421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141844924452
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programs\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programs\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Good news,
We must disable Spy Sweeper for it may interfere with our fix
To disable SpySweeper:- Right click on the SpySweeper icon in your System Tray (near the clock).
- From the pop up menu, left click on Shields, this will open the program at the same time.
- Under the Internet Explorer Tab, uncheck all boxes (if already checked).
- Under the Windows System Tab, uncheck the following shields (if already checked):
- Memory Shield
- Spy Installation Shield
- Under the Startup Programs Tab, uncheck the Startup Shield box (if already checked).
- Under the Browser Add-ons Tab, uncheck the Browser Helper Object box (if already checked).
Note: Remember to re-enable these shields once we have completed our work.
May have to disable Trojan Hunter as well to make the needed hijackthis fixes
Run hijackthis and click on scan button and put checks next to these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {8E78D482-6F34-4C0A-87AF-498E272A421B} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
Nothing open but hijackthis and click on fix checked.
Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FILES:
winepi32.dll
Reboot normal mode and tell me how things are now.
-
Neal, performed the steps you gave me. I do see an improvement in performance and I haven't been getting any errors, again thanks for your help!
Logfile of HijackThis v1.99.1
Scan saved at 1:08:11 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\D-Tools\daemon.exe
D:\Programs\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programs\iTunes\iTunesHelper.exe
D:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programs\SecCopy\SecCopy.exe
D:\Programs\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
D:\Programs\Logitech\SetPoint\KEM.exe
D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programs\Logitech\SetPoint\KHALMNPR.EXE
D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\Programs\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Programs\Mozilla Thunderbird\thunderbird.exe
E:\_Programs\HiJack This\HijackThis.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT 1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {8E78D482-6F34-4C0A-87AF-498E272A421B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programs\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programs\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K 1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [PCLEPCI] D:\Programs\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programs\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programs\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Programs\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [kav] "D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Programs\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [Second Copy] "D:\Programs\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Programs\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: cleantemp.bat
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programs\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programs\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis-web-fs.ci.grandjct.co.us/...s/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141544091421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141844924452
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Programs\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programs\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programs\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Hi,
Run hijackthis and click on scan button and put checks next to these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {8E78D482-6F34-4C0A-87AF-498E272A421B} - (no file)
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
Nothing open but hijackthis and click on fix checked.
To clean your temp folder, recycle bin, etc..please download this free tool:
CCleaner
Don't install any Toolbars, or other programs, should it ask you!Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Uncheck cookies
Before first use:
Select Options then Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.
Then Reboot (Exit)
How is she behaving now?
