#1
help with dwwin.exe application error--virus?
I think this is a problem in my program/drivers and I am seeking to reinstall them as per information I found by learning to use the Computer Management in System Tools. I hope I will be able to fix it myself. Sorry for the long post!!!! I did not know how to delete it.

I hope this is the right place. I've been reading messages here for several days looking for similar answers, and the closest I could find suggested a virus problem. I have run checks on my system hoping to fix it on my own, but no luck. Unfortunately, I use AOL and I know there are lots of problems with it...but it's all I have for now...whenever I am online, especially using email, I get tons of "dwwin.exe application error oxcooooooo5, failed to initialize" etc. I also get repeated "runtime" errors and debugging messages when I visit sites, especially php message boards. I've heard that is an AOL problem, but I think there is more to this onslaught of constant error messages. In other threads, you suggest running HijackThis and posting the report here, so I took the liberty to do that and hope you can help me fix the problem. I have Windows XP. Here is the log for my C drive. I also have a couple other drives on my computer if you need me to scan those, too, but they are for storage. Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 11:45:28 AM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1173571032\ee\AOLSoftware.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Tammy\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173571032\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm869YYUS
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1211997135781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1205339745500
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AC3CB9E-E768-4632-A7CF-75DA5EFCDCC5}: NameServer = 205.188.146.145
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Last edited by annette60; June 4th, 2008 at 09:31 PM.
#2
Welcome to CTH annette60,
Not to exclude what you may have discovered about driver issues, you do have a full install of MyWebSearch adware/spyware there, and it could be involved in online issues/problems. If you still would like us to do some checks I'll provide some steps to get in a more detailed scan here.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All").

Next, under Main Log, uncheck the following:
System Restore Temp Cleanup Process Modules

Then under Options, place a check next to the following:
Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder.) You can use extra posts here if needed for that.
#3
Tom, Thank you so much for your help. I did run some repairs on my hard drive as I found some error messages...but I did not know about the spyware and would appreciate your help.
Here is the log you requested---hope I did this right...I'm not so good at this...

Deckard's System Scanner v20071014.68
Run by Tammy on 2008-06-04 21:55:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

-- HijackThis (run as Tammy.exe) -----------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-04 21:56:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\aol\1173571032\ee\aolsoftware.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Documents and Settings\Tammy\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173571032\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm869YYUS
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.actionfx.com (HKCU)
O15 - Trusted Zone: https://daisiecompany.com (HKCU)
O15 - Trusted Zone: https://pccrafter.com (HKCU)
O15 - Trusted Zone: https://www.ups.com (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1211997135781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1205339745500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5206 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 GhPciScan (GhostPciScanner) - c:\program files\symantec\norton ghost 2003\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GhostStartService - c:\program files\symantec\norton ghost 2003\ghoststartservice.exe <Not Verified; Symantec Corporation; Norton Ghost Start Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

Nothing created in this timespan.

-- Find3M Report ---------------------------------------------------------------

2008-04-10 08:09:32 0 d-------- C:\Program Files\AOL 9.0a
2008-04-10 08:07:33 0 d-------- C:\Program Files\Common Files\aolshare
2008-04-10 08:07:21 0 d-------- C:\Program Files\AOL Companion
2008-04-10 07:26:47 0 d-------- C:\Program Files\FunWebProducts
2008-04-04 19:20:26 0 d-------- C:\Program Files\MyWebSearch
2008-04-04 19:20:16 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [08/14/2002 04:21 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"vptray"="C:\Program Files\NavNT\vptray.exe" [09/24/2001 08:59 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/04/2004 11:31 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1173571032\ee\AOLSoftware.exe" [05/25/2007 12:16 PM]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [04/04/2008 07:20 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [04/04/2008 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.0a\AOL.exe" [04/18/2007 01:49 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [04/04/2008 07:20 PM]

-- End of Deckard's System Scanner: finished at 2008-06-04 21:58:02 ------------
#4
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) XEON(TM) CPU 1.80GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 511.01 MiB / 210.53 MiB
Pagefile Memory (total/avail): 1249.48 MiB / 960.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 33.9 GiB total, 25.06 GiB free.
D: is Fixed (NTFS) - 111.79 GiB total, 111.68 GiB free.
E: is Fixed (NTFS) - 167.69 GiB total, 138.56 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 7L300R0 - 279.47 GiB - 2 partitions
\PARTITION0 - Installable File System - 111.79 GiB - D:
\PARTITION1 - Installable File System - 167.69 GiB - E:

\\.\PHYSICALDRIVE1 - FUJITSU MAN3367MP SCSI Disk Device - 33.91 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 33.9 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"="C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"="C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\aol\\1173571032\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\aol\\1173571032\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.1\\waol.exe"="C:\\Program Files\\AOL 9.1\\waol.exe:*:Enabled:AOL"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tammy\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D8MNT11
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tammy
LOGONSERVER=\\D8MNT11
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Tammy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Tammy\LOCALS~1\Temp
USERDOMAIN=D8MNT11
USERNAME=Tammy
USERPROFILE=C:\Documents and Settings\Tammy
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Tammy (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Barcode Maker 5 --> MsiExec.exe /X{42DE7517-B510-428B-A823-2332E2BCCDB6}
Barcode Maker 5 --> MsiExec.exe /X{F0D5FC62-FE83-4B16-8183-EBF4C47769EF}
BlueVoda Website Builder 8.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\BlueVoda Website Builder\irunin.ini"
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
Dell Laser Printer 1100 Software Uninstall --> C:\Program Files\DELL\Dell Laser Printer 1100\Install\setup.exe /Uninstall
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Tammy\Desktop\hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
My Web Search (Cursor Mania) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
MyFonts Order M945555 --> MsiExec.exe /I{AC1A0C88-45DF-1284-734A-6FDD0D96C79F}
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
Norton Ghost --> MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
NVIDIA Display Driver --> C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->

-- Application Event Log -------------------------------------------------------

Event Record #/Type7419 / Warning
Event Submitted/Written: 06/04/2008 03:50:10 PM
Event ID/Source: 5603 / WinMgmt
Event Description: A provider, OffProv, has been registered in the WMI namespace, Root\MSAPPS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type7418 / Warning
Event Submitted/Written: 06/04/2008 03:50:10 PM
Event ID/Source: 5603 / WinMgmt
Event Description: A provider, OffProv, has been registered in the WMI namespace, Root\MSAPPS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type7415 / Error
Event Submitted/Written: 06/04/2008 10:52:40 AM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application MSE.EXE, version 6.1.83.92, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7414 / Error
Event Submitted/Written: 06/03/2008 03:51:40 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application MSE.EXE, version 6.1.83.92, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7411 / Warning
Event Submitted/Written: 06/02/2008 00:34:09 PM
Event ID/Source: 6 / Norton AntiVirus
Event Description: Scan could not open file E:\System Volume Information\_restore{305CF080-039C-471A-B6E9-0F7392B96E48}\RP424\change.log [00000003]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type32132 / Error
Event Submitted/Written: 06/04/2008 09:56:43 PM
Event ID/Source: 29 / W32Time
Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Event Record #/Type32131 / Error
Event Submitted/Written: 06/04/2008 09:56:43 PM
Event ID/Source: 17 / W32Time
Event Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type32120 / Error
Event Submitted/Written: 06/04/2008 06:50:11 PM
Event ID/Source: 29 / W32Time
Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Event Record #/Type32119 / Error
Event Submitted/Written: 06/04/2008 06:50:11 PM
Event ID/Source: 17 / W32Time
Event Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type32087 / Error
Event Submitted/Written: 06/04/2008 06:25:40 PM
Event ID/Source: 29 / W32Time
Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

-- End of Deckard's System Scanner: finished at 2008-06-04 21:58:02 ------------
#5
Looks like the errors do center around web activities, including Windows scripting errors and some related to an MS Office online data utility, also based on some scripting and WMI functions. But with software like that BlueVoda Website Builder I would sense tie-ins to maybe some projects you have been doing there. There is a rarely seen driver showing - not really quite sure other than this IBM info on its actual uses though.

R2 pmem - c:\windows\system32\drivers\pmemnt.sys

And adware to remove as well, as I mentioned. Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

My Web Search (Cursor Mania)
Viewpoint Media Player - preinstalled software that is adware associated

Once you have completed those uninstalls reboot, and post back just a new HijackThis log for now. Also some more info on the problems and issues if you would.
#6
Thank you, Tom.
Regarding your comments/questions: You mentioned errors connected with MS Office online....and I remember that I used to have TONS of problems downloading any Excel documents my husband would send me on the internet so I stopped using them. Perhaps my kids use this utility...I do not know.

Regarding my web activities, I work at an online company where we sell downloadable art. Most of the communicating is done on their Message Board which is a php (?) board...they recently did a huge redesign and since then EVERYONE who uses AOL has constant problems with debugging and posting errors...so they told us it was an AOL problem...I just avoid it for now but do have a lot of runtime and debug errors there.

I have not used the Blue Voda builder in over a year...gave up on building my own site for a while. If I "got" anything while there, my problems probably would have started long ago. My teens do use my computer to play some online games and frequent the XBOX website, so maybe they picked up a problem there?

I'm not sure how else to describe my problem, except that I have been getting the application and runtime errors and horrible "debug" error problems incessantly the last few days.

Here is my new HijackThis log after removing what you said....OH..while I was in there, I noticed a couple old programs so I removed them. I also saw something called "Answerworks Runtime" that makes no sense to me... Also, when I rebooted, I was asked about reinstalling "Viewpoint" because it was used to display Super Buddies and some desktop themes, so I suspect that came from AOL. I did not reinstall it.
Logfile of HijackThis v1.99.1
Scan saved at 10:47:07 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1173571032\ee\AOLSoftware.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Documents and Settings\Tammy\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173571032\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm869YYUS
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1211997135781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1205339745500
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
#7
Just some MyWeb/FunWeb remnants to clean showing. When you are on sites other than your employer's board, do the problems it causes carry over? Just trying to determine what area of CTH, if any, might offer some ideas on this.
Post back on that, and do the following to clean the last of MyWeb. Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm869YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
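The manual review in the post above (picking the MyWebSearch-related lines out of a HijackThis log) can also be scripted. The Python below is an added example, not part of the original thread or of HijackThis itself; the function names and the two-item watch list are assumptions, and the sample lines are copied from the log posted earlier with their truncated URLs left as posted.

```python
import re
from collections import Counter

# An entry line starts with its HijackThis section code, e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: substrings taken from the entries this thread ties to
# MyWebSearch/FunWeb. It is a watch list for this case, not a signature set.
WATCHLIST = ("mywebsearch", "imgfarm.com")

# Sample lines copied from the second log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm869YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1211997135781
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "clsid": clsid.group(0) if clsid else None,
            "body": body,
        })
    return entries

def flag_remnants(entries, watchlist=WATCHLIST):
    """Entries whose text contains a watch-list substring (case-insensitive)."""
    return [e for e in entries if any(w in e["body"].lower() for w in watchlist)]

def section_counts(entries):
    """How many entries each HijackThis section contributed."""
    return Counter(e["section"] for e in entries)

if __name__ == "__main__":
    for entry in flag_remnants(parse_entries(SAMPLE_LOG)):
        print(entry["section"], entry["clsid"] or "-", entry["body"])
```

Run against the sample, it reports the same two lines (one O8, one O16) that the post asks to be checked and fixed.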
#8
Thank you so much, Tom. I did all those things and so far, so good.
I have not had one application error at all today! I have had a couple of runtime errors, but only when I first start up the internet and my email (AOL) so I think it might have something to do with that. It is NOTHING compared to what it was yesterday, though. Between your help, and running the repairs on my C drive, I hope things are "fixed up"! Thank you so much. I will post back if I have more troubles and try to be more specific on them. I do have another question...do you know about that Answerworks Runtime? Also, do you know about AOL's spyzapper? I thought the spyzapper would be all I need to prevent the adware from getting in (it runs each time I log onto AOL).... What program do you recommend I get to protect my computer better? I thank you so much for your help.
#9
I overlooked responding to your Viewpoint statement. Viewpoint is either pre-installed stand-alone, or very often pre-installed as part of the pre-installed AOL. For those who opt to use AOL it seems okay, but for most others AOL's preinstall is pretty complex and pervasive for complete removal. But AOL partners with other borderline software like Weatherbug, and lately even Chinese adware maker QQ/Tencent for what is said to be an adware-free game software. For Viewpoint just taking a look at their webpage always seems to say what they are all about (marketing).
Answerworks was installed there as part of another software, so uninstalling it, as suggested in their FAQs, might then corrupt the "parent" software. Did you all actually install software for this problem website?
#10
One of the errors I mentioned earlier is related to an MS office, but web info indicates it is some software that is requesting privilege elevation. Since you still had the errors, go to Start - Run, type eventvwr.msc (and Enter). Click on the System icon to expand the list in the right column. Look through that list for Errors posted at the same time you get your problems there. Copy/paste back here any items of significance you see.
You can post what you find back here by double-clicking on each Error/Warning in the log. In the upper corner of that display is an icon (a sorta double file icon) you can click to copy the information to your clipboard, then open a Notepad text and Paste the information, and repeat that to develop a log to post back here for review.
#11
Thank you so much Tom. I did not install any software as you asked above...I just saw it listed in my programs list and wondered what it was. Figured it was part of another program/install.
I am error free almost all day except when I first boot AOL I always get this: "Runtime Error: SuperTabPane is undefined. Do you wish to debug?" I just say no and go on. I get that error a lot when first getting online. But that is the only one I got today. Yipee!!! I will remember to do as you suggest the next time I get errors and post back here. YOU ROCK!