Solved

IE wants to send error report each time it starts up.

Posted on 2004-04-02
Last Modified: 2010-04-13
I have a Win2k SP3 system on my bench.  I think some kiddos have downloaded something that has hijacked IE.  I have done the SFC program and it is still broken.  I did the registry change to allow me to re-install IE.  I re-installed IE, but it didn't appear that it took long enough.  

I can't run anti-virus on it, either.

Any ideas?  I thought about hooking just the drive to my test system as a slave drive and trying to edit the registry, but I can't find a registry editor that will work on a slave drive.  Anyone know of such a program?  (If there's not one I bet I could make a fortune if I wrote one!  LOL  )

Thanks in advance.
0
Question by:gandamid
8 Comments
 
LVL 32

Accepted Solution

by:
LucF earned 500 total points
ID: 10745180
Hi gandamid,

Please run Hijackthis and post the logfile:
http://209.133.47.200/~merijn/files/HijackThis.exe

Greetings,

LucF
0
 

Author Comment

by:gandamid
ID: 10745217
When I view the report that IE wants to send, it says there's an error in winshow.dll .  I notice there is a winshow.dll in the docs & settings for the administrator.

Here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 5:05:42 PM, on 4/2/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
A:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find4u.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gregory and Associates
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find4u.net/sp.htm
O1 - Hosts: 5377608764 spywareforum.com
O1 - Hosts: 5377608764 www.spywareforum.com
O1 - Hosts: 5377608764 forum.spywareinfo.com
O1 - Hosts: 5377608764 nativehardcore.com
O1 - Hosts: 5377608764 www.nativehardcore.com
O1 - Hosts: 5377608764 approvedlinks.com
O1 - Hosts: 5377608764 www.approvedlinks.com
O1 - Hosts: 5377608764 searchv.com
O1 - Hosts: 5377608764 www.searchv.com
O1 - Hosts: 5377608764 selfbookmarks.com
O1 - Hosts: 5377608764 runsearch.com
O1 - Hosts: 5377608764 www.runsearch.com
O1 - Hosts: 5377608764 www.selfbookmarks.com
O1 - Hosts: 5377608764 searching-the-net.com
O1 - Hosts: 5377608764 www.searching-the-net.com
O1 - Hosts: 5377608764 ywebsearch.info
O1 - Hosts: 5377608764 www.ywebsearch.info
O1 - Hosts: 5377608764 ok-search.com
O1 - Hosts: 5377608764 www.ok-search.com
O1 - Hosts: 5377608764 ewebsearch.net
O1 - Hosts: 5377608764 www.ewebsearch.net
O1 - Hosts: 5377608764 www.008k.com
O1 - Hosts: 5377608764 autosearcher.com
O1 - Hosts: 5377608764 www.autosearcher.com
O1 - Hosts: 5377608764 www.selfbookmarks.com
O1 - Hosts: 5377608764 www.smutserver.com
O1 - Hosts: 5377608764 www.kinghost.com
O1 - Hosts: 5377608764 www.smuthosts.com
O1 - Hosts: 5377608764 livesexlist.com
O1 - Hosts: 5377608764 www.livesexlist.com
O1 - Hosts: 5377608764 www.thumbnailpost.com
O1 - Hosts: 5377608764 thumbnailpost.com
O1 - Hosts: 5377608764 adult-series.com
O1 - Hosts: 5377608764 www.adult-series.com
O1 - Hosts: 5377608764 www.webcoolsearch.com
O1 - Hosts: 5377608764 webcoolsearch.com
O1 - Hosts: 5377608764 neope.selfbookmark.info
O1 - Hosts: 5377608764 solongas.com
O1 - Hosts: 5377608764 www.solongas.com
O1 - Hosts: 5377608764 eforced.com
O1 - Hosts: 5377608764 www.eforced.com
O1 - Hosts: 5377608764 www.alfa-search.com
O1 - Hosts: 5377608764 alfa-search.com
O1 - Hosts: 5377608764 in.webcounter.cc
O1 - Hosts: 5377608764 i-lookup.com
O1 - Hosts: 5377608764 allneedsearch.com
O1 - Hosts: 5377608764 tits.hardcore4ever.net
O1 - Hosts: 5377608764 best.royalsearch.net
O1 - Hosts: 5377608764 default-homepage-network.com
O1 - Hosts: 5377608764 xwebsearch.com
O1 - Hosts: 5377608764 www.rightfinder.net
O1 - Hosts: 5377608764 www.search-1.net
O1 - Hosts: 5377608764 www.websearch.com
O1 - Hosts: 5377608764 mysearchnow.com
O1 - Hosts: 5377608764 www.therealsearch.com
O1 - Hosts: 5377608764 www.find-itnow.com
O1 - Hosts: 5377608764 super-spider.com
O1 - Hosts: 5377608764 www.searching-the-net.com
O1 - Hosts: 5377608764 www.firstbookmark.com
O2 - BHO: (no name) - { - (no file)
O2 - BHO: (no name) - {0 - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296 - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296D - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {03 - (no file)
O2 - BHO: (no name) - {035 - (no file)
O2 - BHO: (no name) - {03529 - (no file)
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - C:\Program Files\Topicks\Bin\HtCheck2.dll (file missing)
O2 - BHO: (no name) - {04 - (no file)
O2 - BHO: (no name) - {0494 - (no file)
O2 - BHO: (no name) - {06 - (no file)
O2 - BHO: (no name) - {0684 - (no file)
O2 - BHO: (no name) - {06849 - (no file)
O2 - BHO: (no name) - {06849E - (no file)
O2 - BHO: (no name) - {06849E9 - (no file)
O2 - BHO: (no name) - {06849E9F - (no file)
O2 - BHO: (no name) - {06849E9F- - (no file)
O2 - BHO: (no name) - {06849E9F-C - (no file)
O2 - BHO: (no name) - {06849E9F-C8 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7- - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D5 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59- - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B8 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D- - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-78 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6B - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0 - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1 - (no file)
O2 - BHO: (no name) - {14 - (no file)
O2 - BHO: (no name) - {14b - (no file)
O2 - BHO: (no name) - {14b3 - (no file)
O2 - BHO: (no name) - {14b3d - (no file)
O2 - BHO: (no name) - {14b3d2 - (no file)
O2 - BHO: (no name) - {14b3d24 - (no file)
O2 - BHO: (no name) - {14b3d246 - (no file)
O2 - BHO: (no name) - {14b3d246- - (no file)
O2 - BHO: (no name) - {14b3d246-6 - (no file)
O2 - BHO: (no name) - {14b3d246-62 - (no file)
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {1E - (no file)
O2 - BHO: (no name) - {1E1 - (no file)
O2 - BHO: (no name) - {1E1B - (no file)
O2 - BHO: (no name) - {1E1B2 - (no file)
O2 - BHO: (no name) - {1E1B28 - (no file)
O2 - BHO: (no name) - {1E1B287 - (no file)
O2 - BHO: (no name) - {1E1B2879 - (no file)
O2 - BHO: (no name) - {1E1B2879- - (no file)
O2 - BHO: (no name) - {1E1B2879-8 - (no file)
O2 - BHO: (no name) - {1E1B2879-88 - (no file)
O2 - BHO: (no name) - {1E1B2879-88F - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF- - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-1 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2- - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D9 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96- - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7A - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7AC - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACA - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC9 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC959 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC9595 - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951 - (no file)
O2 - BHO: (no name) - {6 - (no file)
O2 - BHO: (no name) - {60 - (no file)
O2 - BHO: (no name) - {601 - (no file)
O2 - BHO: (no name) - {601E - (no file)
O2 - BHO: (no name) - {601ED - (no file)
O2 - BHO: (no name) - {601ED0 - (no file)
O2 - BHO: (no name) - {601ED02 - (no file)
O2 - BHO: (no name) - {601ED020 - (no file)
O2 - BHO: (no name) - {601ED020- - (no file)
O2 - BHO: (no name) - {601ED020-F - (no file)
O2 - BHO: (no name) - {601ED020-FB - (no file)
O2 - BHO: (no name) - {601ED020-FB6 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C - (no file)
O2 - BHO: (no name) - {601ED020-FB6C- - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-1 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3- - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-8 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8- - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-00 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-005 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050D - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA5 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA599 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA5992 - (no file)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922 - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {65 - (no file)
O2 - BHO: (no name) - {65C - (no file)
O2 - BHO: (no name) - {65C8 - (no file)
O2 - BHO: (no name) - {65C8C - (no file)
O2 - BHO: (no name) - {65C8C1 - (no file)
O2 - BHO: (no name) - {65C8C1F - (no file)
O2 - BHO: (no name) - {65C8C1F5 - (no file)
O2 - BHO: (no name) - {65C8C1F5- - (no file)
O2 - BHO: (no name) - {65C8C1F5-2 - (no file)
O2 - BHO: (no name) - {65C8C1F5-23 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D- - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F31 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F315 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E777 - (no file)
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Administrator\Application Data\winshow\winshow.dll
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Administrator\Application Data\winlink\winlink.dll
O2 - BHO: (no name) - {7 - (no file)
O2 - BHO: (no name) - {76 - (no file)
O2 - BHO: (no name) - {760 - (no file)
O2 - BHO: (no name) - {760A - (no file)
O2 - BHO: (no name) - {760A9 - (no file)
O2 - BHO: (no name) - {760A9D - (no file)
O2 - BHO: (no name) - {760A9DD - (no file)
O2 - BHO: (no name) - {760A9DDE - (no file)
O2 - BHO: (no name) - {760A9DDE- - (no file)
O2 - BHO: (no name) - {760A9DDE-1 - (no file)
O2 - BHO: (no name) - {760A9DDE-14 - (no file)
O2 - BHO: (no name) - {760A9DDE-143 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433- - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C- - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-81 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-818 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189- - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D67 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D673 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735B - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735BB - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735BB5 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735BB5D - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735BB5D3 - (no file)
O2 - BHO: (no name) - {760A9DDE-1433-4A7C-8189-D6735BB5D3D - (no file)
O2 - BHO: (no name) - {A - (no file)
O2 - BHO: (no name) - {A6 - (no file)
O2 - BHO: (no name) - {A64 - (no file)
O2 - BHO: (no name) - {A647 - (no file)
O2 - BHO: (no name) - {A6475 - (no file)
O2 - BHO: (no name) - {A6475E - (no file)
O2 - BHO: (no name) - {A6475E6 - (no file)
O2 - BHO: (no name) - {A6475E6B - (no file)
O2 - BHO: (no name) - {A6475E6B- - (no file)
O2 - BHO: (no name) - {A6475E6B-3 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E- - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F- - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-8 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82F - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD- - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8 - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8A - (no file)
O2 - BHO: (no name) - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD - (no file)
O2 - BHO: (no name) - {B - (no file)
O2 - BHO: (no name) - {BD - (no file)
O2 - BHO: (no name) - {BDF - (no file)
O2 - BHO: (no name) - {BDF3 - (no file)
O2 - BHO: (no name) - {BDF3E - (no file)
O2 - BHO: (no name) - {BDF3E4 - (no file)
O2 - BHO: (no name) - {BDF3E43 - (no file)
O2 - BHO: (no name) - {BDF3E430 - (no file)
O2 - BHO: (no name) - {BDF3E430- - (no file)
O2 - BHO: (no name) - {BDF3E430-B - (no file)
O2 - BHO: (no name) - {BDF3E430-B1 - (no file)
O2 - BHO: (no name) - {BDF3E430-B10 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101- - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-4 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42A - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD- - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A5 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A54 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544- - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-F - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FA - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FAD - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0848 - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08487 - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - C:\Program Files\Topicks\Bin\TpBar.dll (file missing)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRA~1\GROKSTER\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v1\scbar.exe" /U
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\SVCHOST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} (Infragistics ComboBox Control) - http://www.timecentre2000.com/timecentre/Common/pvcombo.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://www.timecentre2000.com/timecentre/Common/iemenu.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37756.5882407407
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.timecentre2000.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (Infragistics DataTable Control 8.0 (OLEDB)) - http://www.timecentre2000.com/timecentre/Common/pvdt80.cab



0
 
LVL 32

Expert Comment

by:LucF
ID: 10745298
gandamid,
Sorry to say this, but this is one of the worst logs I've ever seen...

Use all these tools and make sure to update them before running:
Ad-aware :                          http://www.spychecker.com/download/download_adaware.html
Spybot Search and Destroy : http://www.spychecker.com/download/download_spybot.html
CoolWebShredder :              http://209.133.47.200/~merijn/files/CWShredder.exe

Afterwards, in case your internet connection won't work anymore, use this tool to get back online:
http://members.shaw.ca/techcd/WinsockXPFix.exe

Afterwards, post another logfile. You also have a virus, but we'll fix that later on.

LucF
0

 

Author Comment

by:gandamid
ID: 10745368
I was able to get IE to come up.  Have downloaded the programs you suggested.  Will run them in a few minutes.  I pulled the drive and hooked it up on my test system as a slave and am currently running NAV on it.

Will post back in a few minutes on my progress.

Thx.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10745380
I am not sure why this is here: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe, but it doesn't belong. It may be at the crux of your problem.

I think a virus is at the heart of this. See if you can do this.

Double Check for viruses
Online Scanners

 Norton Web Services  
Go to this page and click on Scan for Viruses
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=REODSKVYRMHCGVRVRMN

It needs to download a few files so as to activate the scan, so you may see a message like this.

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
 
Downloading Scan for Viruses controls. Please wait...
 
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
 
Note: Scan for Viruses does not scan compressed files"

======================
 Trend Micro HouseCall        
www.housecall.antivirus.com
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
http://housecall.antivirus.com/housecall/start_corp.asp

======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
http://www.pcpitstop.com/antivirus/default.asp

If not, then run this
Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/

And if you can run your anti virus scanner from safe mode move this disk to a machine that you can run its virus scanner on it.
0
 
LVL 32

Expert Comment

by:LucF
ID: 10745399
This one worries me a lot more: C:\WINNT\svchost.exe
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dewin.html
0
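The two observations in the comments above (a winlogon.exe in the All Users Startup folder, an svchost.exe directly in C:\WINNT) can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over a HijackThis log. The rule set, the function names and the assumption that the system root is C:\WINNT or C:\WINDOWS are this example's own, and the "user profile" BHO rule is a heuristic.

```python
import re

# Sample input: a few lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe

O1 - Hosts: 5377608764 spywareforum.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Administrator\Application Data\winshow\winshow.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\SVCHOST.EXE
"""

# Core Windows process names that should only run from <system root>\system32.
# Assumption of this example: the system root is C:\WINNT or C:\WINDOWS.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe"}
SYSROOT = r"[a-z]:\\(?:winnt|windows)"
GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
EXE_PATH = re.compile(r"[a-z]:\\[^\"]*?\.exe", re.I)
DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SECTION = re.compile(r"^(R\d|O\d+) - (.*)$")


def misplaced_system_binary(path):
    """True when a core system file name runs from outside its expected folder."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM32_ONLY:
        expected = SYSROOT + r"\\system32\\" + re.escape(name)
    elif name == "explorer.exe":
        expected = SYSROOT + r"\\explorer\.exe"
    else:
        return False
    return re.fullmatch(expected, path, re.I) is None


def triage(log_text):
    """Return (section, reason, evidence) tuples for suspicious log lines."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
            elif misplaced_system_binary(line):
                findings.append(("process", "system file name, wrong folder", line))
            continue
        m = SECTION.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":                   # hosts file entries
            h = re.match(r"Hosts: (\S+)\s+(\S+)", body)
            if h:
                ok = DOTTED_QUAD.match(h.group(1))
                reason = "hosts entry" if ok else "hosts entry, address not dotted-quad"
                findings.append((section, reason, h.group(2)))
        elif section == "O2":                 # Browser Helper Objects
            b = re.match(r"BHO: (.*?) - (\{\S*) - (.*)$", body)
            if b and not GUID.match(b.group(2)):
                findings.append((section, "malformed BHO CLSID", b.group(2)))
            elif b and "\\application data\\" in b.group(3).lower():
                findings.append((section, "BHO DLL in a user profile", b.group(3)))
        elif section == "O4":                 # Run keys and Startup folders
            p = EXE_PATH.search(body)
            if p and misplaced_system_binary(p.group(0)):
                findings.append((section, "system file name, wrong folder", p.group(0)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```
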
 

Author Comment

by:gandamid
ID: 10745616
Lucf gave me the hijack program link and that fixed most of my problems.

I'm going to award the points to lucf.

Can get the computer to come up, IE comes up.  Can't get on the network.  Device mgr not showing a network card in the machine.  It is built onto the mobo.  I will try plugging in a nic and see if I can get drivers to load.

Getting close, but not there quite yet.

I am going to award you the points 'cause that hijack program is GREAT !!!

Thanks.  I think I can get it going from here.  It may still come down to loading the thing from scratch.  OH well.

FG

0
 
LVL 32

Expert Comment

by:LucF
ID: 10746724
Glad to help ;-)

LucF
0
