error with desktop and webbrowser need help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mothemule

Thread Starter
Joined
Dec 20, 2004
Messages
21
My browser was defaulting to msap and I can't open any applications without getting an unkown error. Any suggestions? Here is my log.......

Thanks in advance.

Logfile of HijackThis v1.99.0
Scan saved at 1:33:32 AM, on 12/20/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\Promon.exe
C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\msrexe.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Program Files\America Online 7.0\waol.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINNT\System32\wins32t.dll
F3 - REG:win.ini: run=hpfsched
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: IEHlprObj Class - {12D02C08-218F-4A11-BDE1-6611ADB7B81F} - C:\WINNT\SYS32_~1.DLL
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINNT\System32\vtlbar1.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINNT\System32\vtlbar1.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Office Project Fix] C:\Program Files\Microsoft Office\Office\DoO2kcu.exe
O4 - HKLM\..\Run: [lcfep] "C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [System Service] C:\WINNT\System32\msrexe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [tapisys] C:\WINNT\System32\tss.exe
O4 - HKCU\..\Run: [tapisys] C:\WINNT\System32\tss.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://socrates.gm.com
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma09.mail.gm.com/iNotes.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D4C176-ACCC-452D-9012-2DFB71106EFD}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Tivoli Management Agent - Unknown - C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINNT\wanmpsvc.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Welcome to TSG :)

First go to Control Panel - Add/Remove Programs
Uninstall: P2P Networking

Download and run the following:

Ad-Aware SE Personal
http://www.lavasoftusa.com/support/download/

Install the program and launch it.

In the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Reboot your computer

SpyBot Search & Destroy
http://majorgeeks.com/download2471.html

Open the program.
Click online, Search for updates, Download all available updates. Close all Browser windows, Click ''Check for Problems''. Anything that needs to be fixed it will show in red and have a green check in the box to the left. Click ''Fix Selected Problems''.

Reboot your computer again

Move Hijack This off the desktop and into a permanent folder on the hard drive, then post a new log
 

mothemule

Thread Starter
Joined
Dec 20, 2004
Messages
21
I get an error anytime I open anything! Very frustrating. Also, anything I open up there are now menu's for gambling, insurance, etc. in the tool bar section. I will go through your reply and update when done. Thanks
 

mothemule

Thread Starter
Joined
Dec 20, 2004
Messages
21
I executed your request to the T and problem is now gone. I can't thank you enough. Here is my latest snap-shot. Should I remove some of the other programs I loaded, CWshredder, Noadware, etc.?

Logfile of HijackThis v1.99.0
Scan saved at 10:56:49 AM, on 12/20/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Promon.exe
C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ntvdm.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.gm.com
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINNT\System32\wins32t.dll
O2 - BHO: (no name) - {12D02C08-218F-4A11-BDE1-6611ADB7B81F} - (no file)
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Office Project Fix] C:\Program Files\Microsoft Office\Office\DoO2kcu.exe
O4 - HKLM\..\Run: [lcfep] "C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://socrates.gm.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma09.mail.gm.com/iNotes.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nam.corp.gm.com
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Tivoli Management Agent - Unknown - C:\em\opt\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINNT\wanmpsvc.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
You're welcome (y)

That looks better
You can fix this entry: O2 - BHO: (no name) - {12D02C08-218F-4A11-BDE1-6611ADB7B81F} - (no file)

Fix that one for now.
I want to ask a Moderator about the 06 entries and see what needs to be done about those.

Once the log is declared clean, you should do a Windows Update.
Your version of Internet Explorer is very outdated.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
I could be mistaken, but those entries usually show up if parental controls are set in AOL.


Also you mentioned IE being outdated. Windows 2K is up to at LEAST SP4.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
And yes, the IE they are using is 5
Should go to 6 and tighten that security
 

mothemule

Thread Starter
Joined
Dec 20, 2004
Messages
21
So, Cheeseball, should I run CW Shredder? What do I need to do to update my system? Love all the comments. This is fun listening to everyone.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Yes run CWShredder like MFDnSC recommended

Post a new log afterwards (y)

When you launch IE, go up top to "Tools", then "Windows Update"
It will scan your system for any updates
Download all the critical ones
 
Joined
Dec 9, 2000
Messages
45,855
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

These can also be present if Spybot is installed and the "immunize" functions are enabled.

Check and fix this:

R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINNT\System32\wins32t.dll

ref: http://doxdesk.com/parasite/Tubby.html
 

mothemule

Thread Starter
Joined
Dec 20, 2004
Messages
21
I am going to run CW Shredder now. Rollin Rog said check and fix this? Do I find that dll file in system 32 and delete it? I am not sure how to perform it from DOS. I opened IE and went to tools but there is no "update system" there. ?
 

mothemule

Thread Starter
Joined
Dec 20, 2004
Messages
21
I found this file in Syst 32 and deleted it. Will that do the trick?

wins32t.dll
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Run Hijack This again, and place a checkmark in that box, and tell the program to FIX that.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top