Member Panel

mikeyaj

i load up my machine as per usual and norton antivirus cannot load up at startup because it says i have a corrupted or missing ccimscan.dll and defalert.dll.

norton seems to be ****ed up and symantec webapage has no solution, which also has coincided with my roxio cd buring version 5 basic. roxio doesn't load up at all, and also in windows media player 9, i cannot burn cd's as it says the roxio burining engine is not there and or the directcdbf.dll is missing.

i performed scandisk and all that ***** and on that programme in windows where it tells you if you need to replace files ( can't remember its name). anyway the files that are corrupted are uneng.exe (which i found out is the roxio burn engine unistall programme???) and the tntlvr.dll is corrupted too. don't know what this tnt thing is but i am assuming its my tnt2 graphics card???, but it isnt showing any problems.

i have adaware and regulary use it, and hijack this only workd using the old version so i will post the log file thing here. i am totally confussed as all this happened out of the blue the other day. thanks in adavance. please help me

Logfile of HijackThis v1.97.7
Scan saved at 18:57:24, on 05/09/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/...yahoo.com/mail
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\CFGWIZ.EXE /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...712.4548958333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/273f22a5...p/RdxIE601.cab

joe5

Hya Mikey, welcome to PCHF.

I don't see anything wrong sofar, but atm you have both Norton and AVG running next to each other. To prevent conflict problems I would disable/uninstall one of them.

Please download and run silentrunners:

http://www.silentrunners.org/Silent%20Runners.zip

Save it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the contents of the log back.

And also try a Panda online scan here:

PC Help Forum.com - Computer Tech Support

And post the log from that aswell please.

mikeyaj

norton has already been removed (i want it back and will take off avg once i have found the solution)

that log file was done just before i removed norton. avg was put on after the problem with norton started as i don't wanna run without a virus checker.

mikeyaj

here is the silentrunners log file thing

Silent Runners.vbs", revision 47, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"ScanRegistry" = "c:\windows\scanregw.exe /autorun" [MS]
"TaskMonitor" = "c:\windows\taskmon.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"AtiQiPcl" = "AtiQiPcl.exe" ["ATI Technologies Inc."]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"CriticalUpdate" = "c:\windows\SYSTEM\wucrtupd.exe -startup" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AVG7_CC" = "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE" ["GRISOFT, s.r.o."]
"AVG7_AMSVR" = "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"winmodem" = "WINMODEM.101\wmexe.exe" ["U.S. Robotics, Inc."]
"KB891711" = "c:\windows\SYSTEM\KB891711\KB891711.EXE" [MS]
"KB918547" = "C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE" [MS]
"ccEvtMgr" = ""c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL" ["RealNetworks, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NERODIGITALEXT.DLL" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "c:\windows\Clouds.bmp"

Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------
C:\WINDOWS\Start Menu\Programs\StartUp
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Microsoft Works Calendar Reminders" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]

Enabled Scheduled Tasks:
------------------------
"Tune-up Application Start" -> launches: "walign" [MS]
"Windows Critical Update Notification" -> launches: "C:\WINDOWS\SYSTEM\WUCRTUPD.EXE" [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "c:\windows\SYSTEM\rnr20.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
c:\windows\SYSTEM\mswsosp.dll [MS], 1
c:\windows\SYSTEM\msafd.dll [MS], 2 - 4
c:\windows\SYSTEM\rsvpsp.dll [MS], 5 - 6

Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL" ["Sun Microsystems, Inc."]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monito rs\
SYSFMON\Driver = "SYSFMON.DLL" ["Conceptual Systems."]
BrotherUSBPrinterPort\Driver = "brUSBmon.dll" ["Brother Industries,Ltd."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 62 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 61 seconds.
---------- (total run time: 223 seconds)

joe5

Looks completly clean aswell. Any luck with the Panda scan?

But just to be sure, there is a legit file with this name but it is also used by malware:

c:\windows\scanregw.exe

Please upload the file in bold to this site:

http://www.virustotal.com/en/indexf.html

And post back the scan results if anything is found.

mikeyaj

found more problems on my computer as well. anothe dll is corrupted, this time the playersvr.dll. i can now no longer play audio cds on my computer through media player. what is going on with my dll files?

this is the log from panda scan.

ncident Status Location
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Cookies\default@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\default@atdmt[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Cookies\default@mediaplex[2].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\default@112.2o7[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\default@questionmarket[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\WINDOWS\Cookies\default@winfixer[2].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Cookies\default@xmts[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Cookies\default@adopt.hbmediapro[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\WINDOWS\Cookies\default@errorsafe[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\WINDOWS\Cookies\default@www.errorsafe[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\default@com[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\WINDOWS\Cookies\default@stats1.reliablestats[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\default@ad.yieldmanager[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\default@belnk[1].txt
Spyware:Cookie/Outster Not disinfected C:\WINDOWS\Cookies\default@outster[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\WINDOWS\Cookies\default@statse.webtrendslive[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\default@dist.belnk[2].txt
Spyware:Cookie/WebPower Not disinfected C:\WINDOWS\Cookies\default@webpower[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\default@burstnet[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Cookies\default@statcounter[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\default@burstnet[3].txt

joe5

Panda just found a couple of cookies, nothing to worry about there.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

And also run a diskcheck on your HD, see here for manuall instuctions and/or a "guided help" to do it:

How to perform disk error checking in Windows XP