Solved

IE wants to send error report each time it starts up.

Posted on 2004-04-02
541 Views
Last Modified: 2010-04-13
I have a Win2k SP3 system on my bench.  I think some kiddos have downloaded something that has hijacked IE.  I have done the SFC program and it is still broken.  I did the registry change to allow me to re-install IE.  I re-installed IE, but it didn't appear that it took long enough.

I can't run anti-virus on it, either.

Any ideas?  I thought about hooking just the drive to my test system as a slave drive and trying to edit the registry, but I can't find a registry editor that will work on a slave drive.  Anyone know of such a program?  (If there's not one I bet I could make a fortune if I wrote one!  LOL  )

Thanks in advance.
Question by:gandamid
8 Comments
 
LVL 32

Accepted Solution

by:
Luc Franken earned 500 total points
ID: 10745180
Hi gandamid,

Please run Hijackthis and post the logfile:
http://209.133.47.200/~merijn/files/HijackThis.exe

Greetings,

LucF
0
 

Author Comment

by:gandamid
ID: 10745217
When I view the report that IE wants to send, it says there's an error in winshow.dll.  I notice there is a winshow.dll in the docs & settings for the administrator.

Here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 5:05:42 PM, on 4/2/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
A:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find4u.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gregory and Associates
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find4u.net/sp.htm
O1 - Hosts: 5377608764 spywareforum.com
O1 - Hosts: 5377608764 www.spywareforum.com
O1 - Hosts: 5377608764 forum.spywareinfo.com
O1 - Hosts: 5377608764 nativehardcore.com
O1 - Hosts: 5377608764 www.nativehardcore.com
O1 - Hosts: 5377608764 approvedlinks.com
O1 - Hosts: 5377608764 www.approvedlinks.com
O1 - Hosts: 5377608764 searchv.com
O1 - Hosts: 5377608764 www.searchv.com
O1 - Hosts: 5377608764 selfbookmarks.com
O1 - Hosts: 5377608764 runsearch.com
O1 - Hosts: 5377608764 www.runsearch.com
O1 - Hosts: 5377608764 www.selfbookmarks.com
O1 - Hosts: 5377608764 searching-the-net.com
O1 - Hosts: 5377608764 www.searching-the-net.com
O1 - Hosts: 5377608764 ywebsearch.info
O1 - Hosts: 5377608764 www.ywebsearch.info
O1 - Hosts: 5377608764 ok-search.com
O1 - Hosts: 5377608764 www.ok-search.com
O1 - Hosts: 5377608764 ewebsearch.net
O1 - Hosts: 5377608764 www.ewebsearch.net
O1 - Hosts: 5377608764 www.008k.com
O1 - Hosts: 5377608764 autosearcher.com
O1 - Hosts: 5377608764 www.autosearcher.com
O1 - Hosts: 5377608764 www.selfbookmarks.com
O1 - Hosts: 5377608764 www.smutserver.com
O1 - Hosts: 5377608764 www.kinghost.com
O1 - Hosts: 5377608764 www.smuthosts.com
O1 - Hosts: 5377608764 livesexlist.com
O1 - Hosts: 5377608764 www.livesexlist.com
O1 - Hosts: 5377608764 www.thumbnailpost.com
O1 - Hosts: 5377608764 thumbnailpost.com
O1 - Hosts: 5377608764 adult-series.com
O1 - Hosts: 5377608764 www.adult-series.com
O1 - Hosts: 5377608764 www.webcoolsearch.com
O1 - Hosts: 5377608764 webcoolsearch.com
O1 - Hosts: 5377608764 neope.selfbookmark.info
O1 - Hosts: 5377608764 solongas.com
O1 - Hosts: 5377608764 www.solongas.com
O1 - Hosts: 5377608764 eforced.com
O1 - Hosts: 5377608764 www.eforced.com
O1 - Hosts: 5377608764 www.alfa-search.com
O1 - Hosts: 5377608764 alfa-search.com
O1 - Hosts: 5377608764 in.webcounter.cc
O1 - Hosts: 5377608764 i-lookup.com
O1 - Hosts: 5377608764 allneedsearch.com
O1 - Hosts: 5377608764 tits.hardcore4ever.net
O1 - Hosts: 5377608764 best.royalsearch.net
O1 - Hosts: 5377608764 default-homepage-network.com
O1 - Hosts: 5377608764 xwebsearch.com
O1 - Hosts: 5377608764 www.rightfinder.net
O1 - Hosts: 5377608764 www.search-1.net
O1 - Hosts: 5377608764 www.websearch.com
O1 - Hosts: 5377608764 mysearchnow.com
O1 - Hosts: 5377608764 www.therealsearch.com
O1 - Hosts: 5377608764 www.find-itnow.com
O1 - Hosts: 5377608764 super-spider.com
O1 - Hosts: 5377608764 www.searching-the-net.com
O1 - Hosts: 5377608764 www.firstbookmark.com
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - C:\Program Files\Topicks\Bin\HtCheck2.dll (file missing)
O2 - BHO: (no name) - {0494 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951 - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Administrator\Application Data\winshow\winshow.dll
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Administrator\Application Data\winlink\winlink.dll
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735BB5D3D - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - C:\Program Files\Topicks\Bin\TpBar.dll (file missing)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRA~1\GROKSTER\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v1\scbar.exe" /U
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\SVCHOST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} (Infragistics ComboBox Control) - http://www.timecentre2000.com/timecentre/Common/pvcombo.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://www.timecentre2000.com/timecentre/Common/iemenu.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37756.5882407407
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.timecentre2000.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (Infragistics DataTable Control 8.0 (OLEDB)) - http://www.timecentre2000.com/timecentre/Common/pvdt80.cab



0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10745298
gandamid,
Sorry to say this, but this is one of the worst logs I've ever seen...

Use all these tools and make sure to update them before running:
Ad-aware: http://www.spychecker.com/download/download_adaware.html
Spybot Search and Destroy: http://www.spychecker.com/download/download_spybot.html
CoolWebShredder: http://209.133.47.200/~merijn/files/CWShredder.exe

Afterwards, in case your internet connection won't work anymore, use this tool to get back online:
http://members.shaw.ca/techcd/WinsockXPFix.exe

Afterwards, post another logfile. You also have a virus, but we'll fix that later on.

LucF
0
 

Author Comment

by:gandamid
ID: 10745368
I was able to get IE to come up.  Have downloaded the programs you suggested.  Will run them in a few minutes.  I pulled the drive and hooked it up on my test system as a slave and am currently running NAV on it.

Will post back in a few minutes on my progress.

Thx.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10745380
I am not sure why this is here: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe, but it doesn't belong. It may be at the crux of your problem.

I think a virus is at the heart of this. See if you can do this.

Double Check for viruses
Online Scanners

Norton Web Services
Go to this page and click on Scan for Viruses:
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=REODSKVYRMHCGVRVRMN

It needs to download a few files so as to activate the scan, so you may see a message like this:

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
 
Downloading Scan for Viruses controls. Please wait...
 
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
 
Note: Scan for Viruses does not scan compressed files"

======================
Trend Micro HouseCall
www.housecall.antivirus.com
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
http://housecall.antivirus.com/housecall/start_corp.asp

======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
http://www.pcpitstop.com/antivirus/default.asp

If you can not run the above, run this:
Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/

And if you can, run your anti virus scanner from safe mode; move this disk to a machine that you can run its virus scanner on.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10745399
This one worries me a lot more: C:\WINNT\svchost.exe
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dewin.html
0
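The checks the experts apply above (a core binary such as svchost.exe or winlogon.exe running from somewhere other than System32, a BHO loaded from a user profile, a hijacked start page, a dangling BHO registration) can be scripted against the log itself. The following Python is an added example, not a tool from this thread; it assumes the system root is C:\WINNT as on this Windows 2000 box, and its sample input is a constructed excerpt of the log posted above.

```python
import re
from dataclasses import dataclass

# Binaries Windows 2000 loads only from %SystemRoot%\System32.  A copy anywhere else
# (%SystemRoot% itself, the Startup folder, a C:\WINDOWS tree on a box whose root
# is C:\WINNT) is the kind of entry the experts in this thread single out.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Constructed sample: a dozen lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
A:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - C:\Program Files\Topicks\Bin\HtCheck2.dll (file missing)
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Administrator\Application Data\winshow\winshow.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\SVCHOST.EXE
O4 - Global Startup: winlogon.exe
""".strip()


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it; "review": verify against what the owner installed
    reason: str
    line: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _under(path: str, directory: str) -> bool:
    return path.lower().startswith(directory.lower().rstrip("\\") + "\\")


def _command_path(command: str) -> str:
    """First token of an autostart command: a quoted path, or everything up to a space."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def check_binary_location(path: str, system_root: str):
    """Reason string if a core system binary runs from outside <system_root>\\System32."""
    name = _basename(path)
    if name in SYSTEM_BINARIES and not _under(path, system_root + r"\System32"):
        return f"{name} loaded from outside {system_root}\\System32"
    return None


def triage(log_text: str, system_root: str = r"C:\WINNT", trusted_hosts=()):
    """Walk a HijackThis log and return the entries worth a closer look."""
    trusted = {h.lower() for h in trusted_hosts}
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            reason = check_binary_location(line, system_root)
            if reason:
                findings.append(Finding("high", reason, line))
            continue
        m = re.match(r"(R[01]|O2|O4) - (.*)", line)
        if not m:
            continue
        kind, body = m.groups()
        if kind in ("R0", "R1"):
            # Start/search page hijack: any host not on the caller's allowlist is reviewed
            value = body.split(" = ", 1)[-1]
            if "://" in value:
                host = value.split("://", 1)[1].split("/", 1)[0].lower()
                if host not in trusted:
                    findings.append(Finding("review", f"IE setting points at {host}", line))
        elif kind == "O2":
            # O2 - BHO: <name> - {CLSID} - <path>
            path = body.split(" - ")[-1]
            if path.endswith("(file missing)"):
                findings.append(Finding("review", "dangling BHO registration", line))
            elif _under(path, r"C:\Documents and Settings"):
                findings.append(Finding("high", "BHO DLL loaded from a user profile", line))
        elif kind == "O4":
            # O4 - HKLM\..\Run: [name] <command>   or   O4 - Global Startup: <file>
            target = re.sub(r"^\[[^\]]*\]\s*", "", body.split(": ", 1)[-1])
            reason = check_binary_location(_command_path(target), system_root)
            if reason:
                findings.append(Finding("high", reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Run against the sample it reports both rogue svchost.exe locations, winlogon.exe in the Startup folder (twice: as a running process and as the O4 entry), the winshow.dll BHO, the dangling Topicks BHO and the find4u.net start page, while the Norton entries pass.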
 

Author Comment

by:gandamid
ID: 10745616
Lucf gave me the hijack program link and that fixed most of my problems.

I'm going to award the points to lucf.

Can get the computer to come up, IE comes up.  Can't get on the network.  Device mgr not showing a network card in the machine.  It is built onto the mobo.  I will try plugging in a nic and see if I can get drivers to load.

Getting close, but not there quite yet.

I am going to award you the points 'cause that hijack program is GREAT !!!

Thanks.  I think I can get it going from here.  It may still come down to loading the thing from scratch.  OH well.

FG

0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10746724
Glad to help ;-)

LucF
0
