
ppctlcab and axscanner

Discussion in 'Malware and Virus Removal Archive' started by olamoree, 2005/03/13.

Thread Status:
Not open for further replies.
  1. 2005/03/13
    olamoree

    Hi Guys and Gals,
    A problem or two. XP SP1a, Avast, ZA Pro, PrevX on ADSL. MS Antispy is giving me a notice of "ppctlcab" shortly after start-up which I don't allow. Appears that when I open Browser, IE6 or Firefox 1.0.1, everything goes well for the first few sites, then "sticks" on Transferring data from...xxx..., the progress bar goes maybe half way, then 2, 5, 10, 30 minutes to get the rest of the page! Wish I could learn to interpret HJT logs, but can't seem to grasp the "secret codes", but trying..... Here is my HJT log and certainly appreciate any advice from those who do know the secret code! Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:00:16 PM, on 3/13/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Wintab32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\PREVX\Prevx Home\SAGUI.exe
    F:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\ATnotes\ATnotes.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\tinySpell\tinyspell.exe
    F:\Program Files\RoboTaskBarIcon.exe
    C:\WINDOWS\System32\ctfmon.exe
    F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    F:\Program Files\Linksys\LogViewer\LogViewer.exe
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\Program Files\H_menu\H_menu.exe
    D:\Program Files\YCIII\YankClip.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Calendar\Calendar.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PREVX\Prevx Home\PXAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\Program Files\Mozilla Firefox 1.0.1\firefox.exe
    D:\Old Prog\Downloads\Programs Installed\HiJackThis 1.99.1\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - F:\Program Files\RoboForm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\RoboForm.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
    O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: H-Menu 5.0.lnk = C:\Program Files\H_menu\H_menu.exe
    O4 - Startup: Yankee Clipper III.lnk = D:\Program Files\YCIII\YankClip.exe
    O4 - Startup: ERUNT AutoBackup.lnk = F:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Mount Virtual Drive.lnk = F:\Program Files\Walker Brothers\MountVD\MountVD.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Wall Watcher.lnk = D:\Temp Parking\WallWatcher.exe
    O4 - Global Startup: LogViewer.lnk = F:\Program Files\Linksys\LogViewer\LogViewer.exe
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Customize Menu &4 - file://F:\Program Files\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms &] - file://F:\Program Files\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm &2 - file://F:\Program Files\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://F:\Program Files\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\RoboFormComShowToolbar.html
    O15 - Trusted Zone: http://home.americanexpress.com
    O15 - Trusted Zone: http://www.bncr.fi.cr
    O15 - Trusted Zone: www.bnonline.fi.cr
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: www.netbank.com
    O15 - Trusted Zone: www.webcamnow.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097308786218
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0607155D-092D-4A3E-9DD0-0527AFC42EDD}: Domain = ice.co.cr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0607155D-092D-4A3E-9DD0-0527AFC42EDD}: NameServer = 208.133.206.44
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ice.co.cr
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ice.co.cr
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ice.co.cr
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ice.co.cr
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: WallWatcher - Nick Rozanski (Nick@Rozanski.com) - C:\WINDOWS\system32\srvstart.exe
    O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe
     
  2. 2005/03/17
    noahdfear

    Welcome to WindowsBBS olamoree. :)

    Sorry for the delay in a reply.

    Only two items I see that need fixing.

    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -


    ppctlcab is a pestscan file and safe.

    Can I assume you've deleted Temporary Internet Files, cleared cookies, cleaned out Temp folders and C:\Windows\Prefetch folder?

    Have you run tracerts when things slow down to rule out line speed, timeouts and the like?

    Maybe shut down unnecessary programs to see if any of them are causing problems?

    I did notice that your system is way behind on Windows Updates, and therefore open to many vulnerabilities. ;)
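
For readers working through a log like the one posted, an added example (not part of either post, and not HijackThis code): a short Python parser that rejoins the wrapped log lines and lists O16 DPF entries carrying neither a control name nor a CAB URL, the visible trait shared by the two entries the reply singles out. The function names and the "no name, no source" heuristic are assumptions of this example; the sample input is constructed from lines of the posted log.

```python
import re
from collections import Counter

# Constructed sample: entries taken from the posted log, in its wrapped form.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}

(PPSDKActiveXScanner.MainScreen) -

http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""

# Every HijackThis entry starts with a section code such as R1, F2, N3, O4 or O16.
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")
# O16 layout: CLSID, optional "(control name)", then the CAB source after " - ".
DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? -\s*(.*)$")

def rejoin(text):
    """Merge wrapped continuation lines back onto the entry that started them."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # assumes the wrap fell on a space
    return entries

def section_counts(entries):
    """Count entries per HijackThis section code (O4, O16, ...)."""
    return Counter(m.group(1) for m in map(ENTRY_START.match, entries) if m)

def orphaned_dpf(entries):
    """CLSIDs of O16 entries with neither a control name nor a source URL."""
    matches = (DPF.match(e) for e in entries)
    return [m.group(1) for m in matches if m and not m.group(2) and not m.group(3)]

if __name__ == "__main__":
    entries = rejoin(SAMPLE)
    print(dict(section_counts(entries)))
    print("no name, no source:", orphaned_dpf(entries))
```

A URL that was wrapped mid-word, as the Windows Update CAB address in the posted log was, would be rejoined with a stray space and needs manual repair.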
     
