main Automation server cannot create object error message when browsing

Discussion in 'adware, spyware & hijack cleaning' started by hcginsberg, Apr 4, 2004.

Thread Status:
Not open for further replies.
  1. hcginsberg

    hcginsberg Guest

    I have received the above problem after downloading Spybot Search and Destroy and Spyware Blaster 3.0 yesterday when I use the web. I ran the Spybot Search and Destroy program to scan and fix problems as required per your instructions. I am using an XP Pro OS and Internet Explorer browser. Here is the log copy and thank you for any help you can provide.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:40:22 PM, on 4/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\Program Files\PeoplePC Online\bin\bartshel.exe
    C:\Program Files\ISP50\MAXSPEED\propelac.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\osxtudlu.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\PROGRA~1\PEOPLE~1\bin\ppshared.exe
    C:\Program Files\PeoplePC Online\bin\bartshel.exe
    C:\PROGRA~1\PEOPLE~1\dialer\DIALER.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\ginsbergh\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O1 - Hosts: 156.98.75.188 hennote1.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.143 hcmail1.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.172 hcmail2.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.173 hcmail3.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.174 hcmail4.co.hennepin.mn.us
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\PeoplePC Online\bin\BandObject.dll
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC Online\hta\station.sbrt
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
    O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\ISP50\MAXSPEED\propelac.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [immplzko] C:\WINDOWS\System32\osxtudlu.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-image.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Netilla App Component - https://hades.netillavo.com/tarantella/java/ttaA-du.cab
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11f0ce3f391e1cf8ed19/netzip/RdxIE601.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37936.3058101852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = courts.state.mn.us
    O17 - HKLM\Software\..\Telephony: DomainName = courts.state.mn.us
    O17 - HKLM\System\CCS\Services\Tcpip\..\{343923DF-941F-4D5B-BBB2-651D4CE8CC81}: NameServer = 209.116.241.10 216.99.225.31
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = courts.state.mn.us
    O17 - HKLM\System\CS1\Services\Tcpip\..\{343923DF-941F-4D5B-BBB2-651D4CE8CC81}: NameServer = 209.116.241.10 216.99.225.31
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = courts.state.mn.us
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi hcginsberg,

    Welcome to Wilders!!!

    First go HERE and follow the instructions to remove msg121.dll.

    Then reboot and post a new HJT log as there will still be a few items to fix.

    Regards,
    Kent
     
  3. Thank you so much for your reply. I did as directed, and when I ran the start file in the unzipped folder I received a message about not being able to do something with the sms file and that it may be missing or corrupted. Then I received the dreaded fatal error blue screen. The computer shut down, and I believe it restarted on its own. I did the clean bat file directive but couldn't find any of the files noted in the sys 32 drivers area (search msn, netscape, or ie auto search). I cleared the temp internet files from the internet options box in the browser tools section but don't know anything about the hidden files. Sorry to be a bother. I'm trying.

    Here's the log anyway just so you can see it.

    Logfile of HijackThis v1.97.7
    Scan saved at 5:06:03 PM, on 4/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\Program Files\PeoplePC Online\bin\bartshel.exe
    C:\Program Files\ISP50\MAXSPEED\propelac.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\osxtudlu.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\PEOPLE~1\bin\ppshared.exe
    C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\Program Files\PeoplePC Online\bin\bartshel.exe
    C:\PROGRA~1\PEOPLE~1\dialer\DIALER.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\ginsbergh\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O1 - Hosts: 156.98.75.188 hennote1.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.143 hcmail1.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.172 hcmail2.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.173 hcmail3.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.174 hcmail4.co.hennepin.mn.us
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\PeoplePC Online\bin\BandObject.dll
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC Online\hta\station.sbrt
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
    O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\ISP50\MAXSPEED\propelac.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [immplzko] C:\WINDOWS\System32\osxtudlu.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-image.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Netilla App Component - https://hades.netillavo.com/tarantella/java/ttaA-du.cab
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11f0ce3f391e1cf8ed19/netzip/RdxIE601.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37936.3058101852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = courts.state.mn.us
    O17 - HKLM\Software\..\Telephony: DomainName = courts.state.mn.us
    O17 - HKLM\System\CCS\Services\Tcpip\..\{343923DF-941F-4D5B-BBB2-651D4CE8CC81}: NameServer = 209.116.241.10 216.99.225.31
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = courts.state.mn.us
    O17 - HKLM\System\CS1\Services\Tcpip\..\{343923DF-941F-4D5B-BBB2-651D4CE8CC81}: NameServer = 209.116.241.10 216.99.225.31
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = courts.state.mn.us
     
  4. I also don't know if I successfully signed on as an administrator only.
    I'm not sure how to do that.....
     
  5. puff-m-d

    puff-m-d Registered Member

    Hi harvey ginsberg,

    Welcome to Wilders.

    Before you start, please unzip or move HijackThis to a separate folder. The program will make backups in the folder it's in. These easily get lost in a temporary folder.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll

    O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [immplzko] C:\WINDOWS\System32\osxtudlu.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11f0ce3f391e1cf8ed19/netzip/RdxIE601.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab

    Please download the KillBox from HERE.

    Unzip it to a folder of its own, not to the desktop or a temp folder.
    Click on The KillBox.exe and it will open.
    Now click find then find msg{}.dll.
    Then on the little pop up window, that says killbox file list,
    Click file >> create log,
    And a pop up says do you want to create a log in notepad?
    Click yes and then save as usual in notepad.

    Then reboot in Safe Mode and delete the following:

    There also may be hidden files. See HERE for how to show hidden files.

    c:\progra~1\iesearchbar\ <-- entire folder
    C:\WINDOWS\Downloaded Program Files\bridge.dll
    C:\WINDOWS\System32\osxtudlu.exe
    C:\WINDOWS\Belt.exe

    Reboot and then post a fresh HijackThis log along with the KillBox log.

    Regards,
    Kent
     
  6. I did the steps requested, but could not find a bridge.dll file anywhere, even showing hidden files. Here are the logs. The problem still exists. Thank you very much for your time.

    Log for KillBox Version: 2.00.0176
    ------------------------------------

    ---msg{}dll search---
    C:\WINDOWS\System32\msgina.dll
    C:\WINDOWS\System32\msgsvc.dll
    C:\WINDOWS\System32\Msgsys.dll
    C:\WINDOWS\System32\dllcache\msgina.dll
    C:\WINDOWS\System32\dllcache\msgr3en.dll
    C:\WINDOWS\System32\dllcache\msgrocm.dll
    C:\WINDOWS\System32\dllcache\msgsvc.dll
    C:\WINDOWS\System32\Setup\msgrocm.dll


    Logfile of HijackThis v1.97.7
    Scan saved at 6:28:32 PM, on 4/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\Program Files\PeoplePC Online\bin\bartshel.exe
    C:\Program Files\ISP50\MAXSPEED\propelac.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\PEOPLE~1\bin\ppshared.exe
    C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\Program Files\PeoplePC Online\bin\bartshel.exe
    C:\PROGRA~1\PEOPLE~1\dialer\DIALER.EXE
    C:\Documents and Settings\ginsbergh\Desktop\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    O1 - Hosts: 156.98.75.188 hennote1.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.143 hcmail1.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.172 hcmail2.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.173 hcmail3.co.hennepin.mn.us
    O1 - Hosts: 156.98.75.174 hcmail4.co.hennepin.mn.us
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\PeoplePC Online\bin\BandObject.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC Online\hta\station.sbrt
    O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
    O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\ISP50\MAXSPEED\propelac.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\ISP50\MAXSPEED\pac-image.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Netilla App Component - https://hades.netillavo.com/tarantella/java/ttaA-du.cab
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37936.3058101852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = courts.state.mn.us
    O17 - HKLM\Software\..\Telephony: DomainName = courts.state.mn.us
    O17 - HKLM\System\CCS\Services\Tcpip\..\{343923DF-941F-4D5B-BBB2-651D4CE8CC81}: NameServer = 209.116.241.10 216.99.225.31
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = courts.state.mn.us
    O17 - HKLM\System\CS1\Services\Tcpip\..\{343923DF-941F-4D5B-BBB2-651D4CE8CC81}: NameServer = 209.116.241.10 216.99.225.31
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = courts.state.mn.us
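
The before/after comparison made by eye across the fix list in post 5 and the log in post 6, as an added example that is not part of the original thread: a Python script that parses HijackThis entry lines and reports flagged entries that survived, plus anything that disappeared without being on the fix list. The function names `parse_entries` and `check_fix` are hypothetical, and the sample logs are excerpts shortened from the logs posted above.

```python
import re

# A HijackThis entry is a section code (R1, O2, O16, ...), " - ", then free text.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Map (section, case-folded text) -> original entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            section, text = m.group(1), m.group(2)
            # Windows paths and CLSIDs are case-insensitive, so compare folded.
            entries[(section, text.casefold())] = f"{section} - {text}"
    return entries

def check_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries the helper asked to fix."""
    before, after, wanted = map(parse_entries, (before_log, after_log, fix_list))
    b, a, w = set(before), set(after), set(wanted)
    return {
        "still_present": sorted(after[k] for k in w & a),        # fix did not take
        "never_present": sorted(wanted[k] for k in w - b),       # typo in fix list?
        "removed_unrequested": sorted(before[k] for k in (b - a) - w),
        "newly_added": sorted(after[k] for k in a - b),          # re-infection sign
    }

# Excerpt of the 5:06 PM log (shortened from the thread).
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\osxtudlu.exe
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\PeoplePC Online\bin\BandObject.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [immplzko] C:\WINDOWS\System32\osxtudlu.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab
"""

# Excerpt of the 6:28 PM log (shortened from the thread).
AFTER = r"""Logfile of HijackThis v1.97.7
O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\PeoplePC Online\bin\BandObject.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
"""

# Entries from the fix list in post 5 that fall inside the excerpt above.
FIX = r"""
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [immplzko] C:\WINDOWS\System32\osxtudlu.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab
"""

if __name__ == "__main__":
    for category, lines in check_fix(BEFORE, AFTER, FIX).items():
        print(f"{category}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

An empty `still_present` list only shows that the registry entries are gone; the files themselves still have to be checked on disk, as the Safe Mode step in post 5 does.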
     
  7. puff-m-d

    puff-m-d Registered Member

    Hi Harvey,

    Go HERE and download Windows Script 5.6 for Windows 2000 and XP and install. Hopefully this will solve your problem as this behavior may be caused by a corrupted Windows Script component.

    Regards,
    Kent
     
  8. Hi Kent,

    I want to thank you for all your help and time. You are amazing and appreciated very much. Thanks again.

    harvey ginsberg
     
  9. puff-m-d

    puff-m-d Registered Member

    Hi harvey,

    Thanks for the kind words. I am just happy I could have been some help.

    Regards,
    Kent
     