
·
Registered
Joined
·
16 Posts
Discussion Starter #1
Thank you for any and all help !!!
_____________________________
I have been getting for several weeks the following message below. It mostly
happens when using FireFox browser, but not always. Sometimes OE, or just
about any other program.

Sometimes with FireFox, it will pop up several times in a row, even with
restarting it. I have uninstalled/installed FireFox a few times to no avail.

I run Microsoft AntiSpyWare, Ad-Aware, Spy-Bot among a few others very
regularly. And followed the pre-instructions listed in this forum.

System: Windows 2000 (5.00.2195) Service Pack 4

Anyway here is the message:

PROGRAM ERROR

<process has already exited> has generated errors and will be closed by
Windows. You will need to restart the program. An error log is being
generated.
__________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:21:12 AM, on 10/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\VerizonDSL\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\Promon.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1052
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\mille\Application Data\Mozilla\Firefox\Profiles\default.9gj\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\mille\Application Data\Mozilla\Firefox\Profiles\default.9gj\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} ([email protected] Control) - http://www.unclebilly.com/MediaShow.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Program Files\Compaq\LCRMS\LCRMS.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - Unknown owner - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\VerizonDSL\WinPoET\WrOS.EXE
 

·
Registered
Joined
·
6,574 Posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Viewpoint Manager

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Program Files\Viewpoint\

Restart and run a new HijackThis scan. Save the log file and post it here.

Run an online virus scan at http://www.pandasoftware.com/products/activescan. It's at the top right corner of the webpage in RED.
Save the results and post the log from the Panda scan here.

So in your next post - I need Online virus scan results and a new HJT log.
 

·
Registered
Joined
·
16 Posts
Discussion Starter #3
Thank you for your reply. Instructions followed exactly as requested. (It should be noted that I received a "Program Error" after re-starting to run HiJack, and a few more when I was attempting to open Panda Scan.)

Logfile of HijackThis v1.99.1
Scan saved at 12:09:06 PM, on 10/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\VerizonDSL\WinPoET\WrOS.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1052
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\mille\Application Data\Mozilla\Firefox\Profiles\default.9gj\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\mille\Application Data\Mozilla\Firefox\Profiles\default.9gj\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} ([email protected] Control) - http://www.unclebilly.com/MediaShow.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Program Files\Compaq\LCRMS\LCRMS.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - Unknown owner - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\VerizonDSL\WinPoET\WrOS.EXE


Active Scan Results:

Incident Status Location

Virus:W32/Bagle.BK.worm Renamed C:\Documents and Settings\mille\Local Settings\Temp\Temporary Internet Files\Content.IE5\SN2F61MP\ShowLetter[8][Price.cpl]
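
For comparing the two HijackThis logs posted above, the following is an added example (not part of any post in this thread, and not HijackThis's own code): a small Python parser that diffs two scans and lists which entries and running processes disappeared or appeared between them. The function names are hypothetical, and the embedded logs are short excerpts of the two logs in this thread.

```python
import re
from collections import Counter

# Short excerpts of the two HijackThis logs posted in this thread
# (first scan, then the scan taken after the fixes), trimmed for the example.
SCAN_BEFORE = r"""
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
"""

SCAN_AFTER = r"""
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# A log entry is a section code (R0, F2, N1, O4, O23, ...) then " - " and a body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and section entries."""
    processes = Counter()  # lowercased path -> number of instances
    entries = set()        # (section code, entry body)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # Entries end the process list even if the blank line was lost.
            in_processes = False
            entries.add((match.group(1), match.group(2)))
        elif line.lower() == "running processes:":
            in_processes = True
        elif not line:
            in_processes = False
        elif in_processes:
            # Windows paths are case-insensitive; the logs mix System32/system32.
            processes[line.lower()] += 1
    return {"processes": processes, "entries": entries}


def diff_scans(before_text, after_text):
    """Report what changed between two scans of the same machine."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    added = after["entries"] - before["entries"]
    return {
        "removed_entries": sorted(before["entries"] - after["entries"]),
        "added_entries": sorted(added),
        # HijackThis marks entries whose target file is absent on disk.
        "missing_file_entries": sorted(
            e for e in added if e[1].endswith("(file missing)")
        ),
        # Counter subtraction keeps only positive differences, so an extra
        # instance of an already-running image (e.g. svchost.exe) is reported.
        "stopped_processes": sorted(
            (before["processes"] - after["processes"]).elements()
        ),
        "new_processes": sorted(
            (after["processes"] - before["processes"]).elements()
        ),
    }


if __name__ == "__main__":
    for category, items in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(category)
        for item in items:
            print("   ", item)
```
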
 

·
Registered
Joined
·
6,574 Posts
Please download CleanUp! (Alternate link if the main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet!

Run HJT and fix the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yc...//www.yahoo.com
O1 - Hosts: comments (such as these) may be inserted on individual


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

Reboot the computer


Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.
 

·
Registered
Joined
·
16 Posts
Discussion Starter #5
Instructions followed as directed. Thank you

(NOTE: CHKDSK ran automatically upon re-boot. "PROGRAM ERROR" appeared after reboot)

Antispyware.log

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\mille\Favorites\Sports'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\mille\Favorites\Sports' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\13 Weeks to a 13-Hour Ironman.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\13 Weeks to a 13-Hour Ironman.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\13 Weeks to a 13-Hour Ironman.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Action Sports International.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Action Sports International.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Action Sports International.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Baseball salaries.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Baseball salaries.url' in startup areas.

Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Baseball salaries.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\howtostretch.com-iliotibial.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\howtostretch.com-iliotibial.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\howtostretch.com-iliotibial.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\http--www.mindfulness.com-of5.asp.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\http--www.mindfulness.com-of5.asp.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\http--www.mindfulness.com-of5.asp.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\MetroTri.com.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\MetroTri.com.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\MetroTri.com.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Mile 141 Sports.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Mile 141 Sports.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Mile 141 Sports.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\New York Road Runners.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\New York Road Runners.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\New York Road Runners.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Slowtwitch.com.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Slowtwitch.com.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Slowtwitch.com.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Steve Prefontaine.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Steve Prefontaine.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Steve Prefontaine.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Tri-Find.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Tri-Find.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Tri-Find.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Tri-Newbies Online.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Tri-Newbies Online.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Tri-Newbies Online.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Triathlon Association of NYC.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Triathlon Association of NYC.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Triathlon Association of NYC.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Westchester Triathlon Club.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\Westchester Triathlon Club.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\Westchester Triathlon Club.url'
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\xtri.com hurricane bob august 2001.url' in shortcut areas.
Checking for 'C:\Documents and Settings\mille\Favorites\Sports\xtri.com hurricane bob august 2001.url' in startup areas.
Cleaning 'C:\Documents and Settings\mille\Favorites\Sports\xtri.com hurricane bob august 2001.url'
Finished Cleaning
 

·
Registered
Joined
·
6,574 Posts
Download StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in your next reply.
 

·
Registered
Joined
·
16 Posts
Discussion Starter #7
StartDreck (build 2.1.7 public stable) - 2005-10-27 @ 14:48:28 (GMT -04:00)
Platform: Windows 2000 (Win NT 5.0.2195 Service Pack 4)
Internet Explorer: 6.0.2800.1106
Logged in as mille at STAT235

»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
»RunOnce
*^SetupICWDesktop=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
»Local Machine
»Run
*Synchronization Manager=mobsync.exe /logon
*Smapp=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
*EM_EXEC=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
*ChkAdmin=C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
*WinPoET=C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
*Share-to-Web Namespace Daemon=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
*CamMonitor=C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
*NeroFilterCheck=C:\WINNT\system32\NeroCheck.exe
*WinampAgent=C:\Program Files\Winamp\winampa.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*CPQDFWAG=C:\WINNT\Cpqdiag\CpqDfwAg.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINNT\system32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer Access/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath="C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express Access/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath="C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigOE
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Microsoft Web Publishing Wizard 1.52/{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
+EnableRevocation/{6A5110B5-E14B-4268-A065-EF89FF33C325}
*StubPath=regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub
+Address Book 5/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
»Internet Explorer
»Current User
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Start Page=http://espn.go.com/
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+SearchUrl
*Provider=yaho
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Bar=http://home.netscape.com/home/winsearch200.html
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.espn.com
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*Network.ConnectionTray={7007ACCF-3202-11D1-AAD2-00805FC1270E}
`InprocServer32=C:\WINNT\system32\NETSHELL.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINNT\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\mille\Start Menu\Programs\Startup\HotSync Manager.lnk
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINNT\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\config.nt
`files=100
`buffers=50
*C:\autoexec.bat
*C:\WINNT\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`lh %SystemRoot%\system32\nw16
`lh %SystemRoot%\system32\vwipxspx
*C:\WINNT\wininit.ini
`[rename]
`NUL=InitTermMutex638
*C:\WINNT\system32\drivers\etc\hosts
`127.0.0.1 localhost
`192.168.0.3 mail-server
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINNT\system32\win.com
*C:\WINNT\explorer.exe
»%PATH% Companion Files
+C:\WINNT\system32\javaw.exe
*C:\WINNT\javaw.exe
+C:\WINNT\system32\NOTEPAD.EXE
*C:\WINNT\NOTEPAD.EXE
+C:\WINNT\system32\TASKMAN.EXE
*C:\WINNT\TASKMAN.EXE
+C:\WINNT\system32\WINHLP32.EXE
*C:\WINNT\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+8=<system>
+148=\SystemRoot\System32\smss.exe
+172=\??\C:\WINNT\system32\csrss.exe
+192=\??\C:\WINNT\system32\winlogon.exe
+220=C:\WINNT\system32\services.exe
+232=C:\WINNT\system32\lsass.exe
+416=C:\WINNT\system32\svchost.exe
+444=C:\WINNT\system32\spoolsv.exe
+484=C:\COMPAQ\ACLIENT\ACLIENT.exe
+508=C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
+524=C:\WINNT\Cpqdiag\Cpqdfwag.exe
+536=C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
+560=C:\WINNT\System32\svchost.exe
+592=C:\Program Files\Compaq\LCRMS\LCRMS.EXE
+700=C:\WINNT\System32\NMSSvc.exe
+764=C:\WINNT\system32\regsvc.exe
+788=C:\WINNT\system32\MSTask.exe
+812=C:\WINNT\system32\stisvc.exe
+864=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
+880=C:\WINNT\System32\WBEM\WinMgmt.exe
+912=C:\Program Files\VerizonDSL\WinPoET\WrOS.EXE
+944=C:\WINNT\system32\mspmspsv.exe
+964=C:\WINNT\system32\svchost.exe
+948=C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
+1380=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
+1388=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
+1396=C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
+1404=C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
+1224=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
+1436=C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
+1220=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
+1216=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
+1200=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
+1448=C:\WINNT\System32\svchost.exe
+1460=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
+1480=C:\Program Files\Winamp\winampa.exe
+1556=C:\Program Files\Palm\HOTSYNC.EXE
+1584=C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
+1500=C:\WINNT\system32\drwtsn32.exe
+1344=C:\WINNT\explorer.exe
+1676=C:\PROGRA~1\WINZIP\winzip32.exe
+1664=C:\PROGRA~1\WINZIP\winzip32.exe
+1772=C:\Documents and Settings\mille\Desktop\StartDreck\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
192.168.0.3 mail-server <--this entry is in your hosts file. Is it related to your ISP provider's mail servers?

Open up the Event viewer and see which program is causing the error.
 

·
Registered
Joined
·
16 Posts
Discussion Starter #10
MicroBell said:
192.168.0.3 mail-server <--this entry is in your hosts file. Is it related to your ISP provider's mail servers?

Open up the Event viewer and see which program is causing the error.

I have no idea about the mail server. How would I find out?

This is from the latest RED X on the Event Viewer. NOTE: CheckDisk runs very frequently at re-boots due to whatever problem I am having.

Event Type: Error
Event Source: Ntfs
Event Category: Disk
Event ID: 55
Date: 10/28/2005
Time: 7:59:48 AM
User: N/A
Computer: STAT235
Description:
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
Data:
0000: 12 00 00 00 02 00 4e 00 ......N.
0008: 02 00 00 00 37 00 04 c0 ....7..À
0010: 00 00 00 00 32 00 00 c0 ....2..À
0018: 40 00 00 00 00 00 00 00 @.......
0020: 00 00 00 00 00 00 00 00 ........
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Ok... first open the hosts file located here...C:\WINNT\system32\drivers\etc\hosts
with wordpad.

Delete the following entry and then save the file..

`192.168.0.3 mail-server

Run checkdisk manually and choose "Fix Errors Automatically" and "Scan for and Attempt to recover bad sectors". Let me know what it finds. You may have a corrupt or bad hard drive which would cause the programs to error or crash out.
 

·
Registered
Joined
·
16 Posts
Discussion Starter #12
Thank you for the reply and continued help.

Okay, I removed "192.168.0.3 mail-server"

I ran CHKDSK manually a few times in the past few days along with DEFRAG

I did it again just now and it seemed to run clean, which has not been the case a few times. Does it store a log anywhere that I can post?

Stage 1...verifying files...completed
Stage 2...verifying index...completed
Stage 3...verifying security...completed
Stage 4...verifying file data...completed
Stage 5...verifying free space...completed

I used to get the "Program Error" on start-up, but have not in a few days, but I am still getting the "Program Error" on a regular basis the past few days using a variety of programs.

Thank you
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
No..it doesn't make a log. It sounds like the OS is corrupt as you're getting many programs doing the same thing. Your only recourse may be to reinstall Windows. Click start..run..type in sfc /scannow and see if any missing or corrupt Windows files are found.

Did you install any hardware or software right before this issue appeared?
 

·
Registered
Joined
·
16 Posts
Discussion Starter #14
Thank you.

I don't recall installing anything, it just seemed to happen one day and then got progressively worse.

I attempted to run "sfc /scannow ", but then I get a screen pop up that states "FILES THAT ARE REQUIRED FOR WINDOWS TO RUN PROPERLY HAVE BEEN REPLACED BY UNRECOGNIZED VERSIONS...", then asking for Win 2000 Pro disks.

So it seems I have to reinstall Windows 2000, but I do NOT have the disks.

I assume there is no other alternative. None of these programs that I see advertised on Google like "WINFIX", "PC BUG DOCTOR", etc. I assume will not correct the issue? Or will one of those?

Thank you to all on this great site for the help
 

·
Registered
Joined
·
6,574 Posts
Do not download anything advertised on Google.
And no, spyware programs will not help you here, you need the Windows 2000 CD to be able to replace the files that have been..err.. replaced.
 