Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Panda and Housecall logs


  • Please log in to reply

#1
suzeq02871

suzeq02871

    New Member

  • Member
  • Pip
  • 6 posts
I get the MSVCRT1.DLL file not found when ever I turn my computer on or when I reboot. Is there any way I can fix this? I have reinstalled Windows ME with the CD. Thanks.
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and post your log as a new topic in the Hijack This forum. It will get a better response there from the people most qualified to analyze logs.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
suzeq02871

suzeq02871

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I receive the error message:

.DLL file
MSVCRT1.DLL not found

when I retart my computer. I downloaded and ran hijackthis this morning. Here is the log that I saved:

Logfile of HijackThis v1.99.1
Scan saved at 10:39:05 AM, on 4/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\PROGRAM FILES\COMMON FILES\KODAK\HYDRA_DR\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Dcfssvc] C:\Program Files\Common Files\KODAK\HYDRA_DR\dcfssvc.exe --pdr: "C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.co.../cx_tgctlcm.jsp
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...421/mcfscan.cab


Thanks for everything, I do appreciate it!!!!
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi suzeq02871

Please read through the instructions before you start (you may want to print this out).

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop.

Run CWShredder to fix your CWS problem.

Please set your system to show all files; please see here if you're unsure how to do this.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\web\related.htm<--Delete this file
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER<--Delete the whole folder
Exit Explorer.Reboot as normal.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#5
suzeq02871

suzeq02871

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi there,

I ran Panda and Housecall. Housecall had no viruses!! Below is the Panda log. Get back to me when you can. You all have been extremely helpful. Thanks again.

Susan

ncident Status Location

Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM\VX0.NLS
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\ALCHEM.INF
Adware:Adware/IPInsight No disinfected C:\WINDOWS\FARMMEXT.INI
Adware:Adware/IPInsight No disinfected C:\WINDOWS\SATMAT.INI
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\REMTM3.EXE
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/nCase No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[salm.exe]
Spyware:Spyware/BetterInet No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[zserv.dll]
Spyware:Spyware/BetterInet No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[ZServ.dll]
Adware:Adware/TopRebates No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[webrebates_cdt_installsilent.exe]
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[optimize.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[cdt_bbi8016.exe]
Adware:Adware/nCase No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[msbb.exe]
Adware:Adware/MultiMPP No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[mxtarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[mxTarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[preInsMt.exe]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[mxTarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[preInsMt.exe]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[twaintec.dll]
Spyware:Spyware/BetterInet No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[clntm3.exe]
Virus:Trj/Imiserv.D Disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.zip[systb.exe]
Adware:Adware/nCase No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[salm.exe]
Spyware:Spyware/BetterInet No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[zserv.dll]
Spyware:Spyware/BetterInet No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[zserv.inf]
Adware:Adware/MultiMPP No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[ZServ.dll]
Adware:Adware/TopRebates No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[webrebates_cdt_installsilent.exe]
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[optimize.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[cdt_bbi8016.exe]
Adware:Adware/nCase No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[msbb.exe]
Adware:Adware/MultiMPP No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[mxtarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[mxTarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[preInsMt.exe]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[mxTarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[preInsMt.exe]
Adware:Adware/Twain-Tech No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[twaintec.dll]
Virus:Trj/Downloader.OU Disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[wupdt.exe]
Spyware:Spyware/BetterInet No disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[clntm3.exe]
Virus:Trj/Imiserv.D Disinfected C:\Program Files\PestPatrol\Quarantine\20050125170930.RB0[systb.exe]
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Hi Susan,

I found the three topics you started and merged them.

Can you please reply by using the "Add reply" button below if you still need help.

Regards,
  • 0

#7
suzeq02871

suzeq02871

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi there,

Should I delete any files from the Panda log?

Thanks
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Not really. But can you post a current HijackThis log?
And let us know what problems you have left to deal with.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP