TheTechGuide Forum

General Category => Software => Topic started by: jellybean on May 04, 2004, 02:28:03 PM

Title: winlogon.exe problems
Post by: jellybean on May 04, 2004, 02:28:03 PM
hi,
   I am having a lot of problems with my winlogon.exe taking my CPU usage up to 100%. Could somebody take a look at the HijackThis log below and indicate what the problem might be/what to get rid of or repair? I would greatly appreciate the help.
Regards
Jellybean

Logfile of HijackThis v1.97.7
Scan saved at 20:30:58, on 5/4/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TrojanHunter 3.8\TrojanHunter.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Julie.Behan\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = allaboutsearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = staff-proxy.ul.ie:8080
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: (no name) - {D2732C32-CF2F-4D54-A63F-BAC5D0170E13} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)
O3 - Toolbar: (no name) - {5D58EFB6-C0AA-4D0B-9945-149EDD1887A9} - (no file)
O3 - Toolbar: BORE TRANS TRAY - {636B5D20-CCC0-8375-EBE7-856641254CD1} - C:\PROGRA~1\DATAGR~1\Obj internet.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [shim camp] C:\PROGRA~1\idol boob readme\Elsenoun.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GreatDownloads] rundll32.exe  C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:GreatDownloads:t
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: GreatDownloads (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03da3f2158db6c2baa05/netzip/RdxIE601.cab
O16 - DPF: {6369C1DE-BC90-45FF-8A7A-EAE2651544C2} (OTASelect Class) - http://logo.vodafone.ie/owls/main/OWL2.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.org/fvlite/fvliteY.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37648.1328125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://62.210.175.216/cabs/msway.cab
Title: winlogon.exe problems
Post by: Guest on May 07, 2004, 12:26:51 PM
i have the same problem.. pls help me too!
Title: winlogon.exe problems
Post by: Guest on May 09, 2004, 11:57:31 AM
My XP computer is having the same problem; the computer is so slow, that I've been waiting for safe mode to start up now for 90 minutes and winlogon is still eating up all the cpu usage.
Title: winlogon.exe problems
Post by: supakit on May 09, 2004, 12:55:39 PM
I have a problem: winlogon used 100% of the processor when I connected to the internet.
So, I solved the problem by installing ZoneAlarm software and blocking winlogon.exe from connecting to the internet. That can solve the problem, but I want to know how to remove or repair that file or problem.
Title: winlogon.exe problems
Post by: Guest on May 13, 2004, 01:00:52 AM
Try scanning for the Netsky virus.. a removal tool can be downloaded from www.sarc.com
Title: winlogon.exe problems
Post by: Guest on May 13, 2004, 10:13:09 AM
I can do nothing on the computer.  Winlogon.exe completely ties up resources and no other process will respond.  I can open task manager, but it will not kill winlogon.exe.
Title: winlogon.exe problems
Post by: mprett on May 14, 2004, 03:58:47 PM
I have the same problem with winlogon.exe. My firewall also tells me that winlogon is trying to connect to a DNS at start-up. Should this be happening?
Title: winlogon.exe problems
Post by: DarkPrynce on May 19, 2004, 08:51:49 PM
God dammit, I got the same thing. I thought it was like a trojan or something because I had a bootvid.exe just recently that was a trojan that got on my comp, but it was there for a real long time before things happened and I don't want this to be on my comp for a long time. When I try to end process it says can't close, like it's an important program or something. It's under owner, not system, in task manager. I'm an XP user. Will someone help please?
Title: winlogon.exe problems
Post by: Guest on May 20, 2004, 09:57:08 AM
It is Netsky D worm, use CLRAV utility from kaspersky labs
i had same problem today on client laptop, solved

The utility can be downloaded from ftp://ftp.kaspersky.com/utils/clrav/

fido_ri@Email Removed
Title: winlogon.exe problems
Post by: Guest on May 21, 2004, 08:54:04 AM
Tried scanning for NETSKY worm. but couldn't find it, can it be something else?
Title: winlogon.exe problems
Post by: Dave Towne on May 23, 2004, 01:34:50 PM
Norton Antivirus reports that my copy of WinLogon.exe is infected but doesn't fix it automatically.

I suspect that the problems reported are all due to an infection in this file.

Question is: how to get a clean copy / restore a clean copy of this program.
Title: winlogon.exe problems
Post by: Nancy on May 25, 2004, 05:31:14 PM
[quote name='Dave Towne' date='May 23 2004, 12:34 PM']Norton Antivirus reports that my copy of WinLogon.exe is infected but doesn't fix it automatically.

I suspect that the problems reported are all due to an infection in this file.

Question is: how to get a clean copy / restore a clean copy of this program.[/quote]
My home computer suddenly came up with an error message:  
"winlogon.exe - Application Error"
Whether I click OK, CANCEL or just click the X to close it, it reboots my computer.  

I have been doing research on my computer at work.  It may be a Sasser Worm.  I have printed out all kinds of instructions.  Does anyone have the same problem?  If so, do you have some data or a solution.

Microsoft says to go to Task Manager, end the task, then install the Microsoft Security Bulletin MS04-011

Thanks . . . Nancy
Title: winlogon.exe problems
Post by: Guest on May 25, 2004, 11:41:43 PM
[quote name='Nancy' date='May 25 2004, 04:31 PM'][quote name='Dave Towne' date='May 23 2004, 12:34 PM']Norton Antivirus reports that my copy of WinLogon.exe is infected but doesn't fix it automatically.

I suspect that the problems reported are all due to an infection in this file.

Question is: how to get a clean copy / restore a clean copy of this program.[/quote]
My home computer suddenly came up with an error message:  
"winlogon.exe - Application Error"
Whether I click OK, CANCEL or just click the X to close it, it reboots my computer.  

I have been doing research on my computer at work.  It may be a Sasser Worm.  I have printed out all kinds of instructions.  Does anyone have the same problem?  If so, do you have some data or a solution.

Microsoft says to go to Task Manager, end the task, then install the Microsoft Security Bulletin MS04-011

Thanks . . . Nancy [/quote]
 welcome to may 25th - the day the virus hit.
something's going around, and no one's sure what it is.

try booting your system w/ your network cable unplugged - that'll at least get you up & running. once you're in, go to start -> control panel -> network connections, then disable your local area connection.  until there is a fix, this will allow you to reboot your computer w/o an error message being generated.  however, you will not be able to access the internet.  :)

finally, if you boot the system w/ your network connection disabled, you can open task manager (right click on the taskbar @ the bottom of your screen and go to task manager) and end any rundll32 processes that are currently running.  then, you can re-enable your network connection, plug the network cable in, and access the internet.  just MAKE SURE to disable your network connection again before you shut down.

i imagine there WILL be a fix, eventually...  they just have to figure out what it is, how it's getting in, and how to keep it out.  good luck, nancy!

sasser generates an error message about lsass.
Title: winlogon.exe problems
Post by: Nelson on May 26, 2004, 10:24:44 AM
Hi Nancy

It is rather likely that you do in fact have a Sasser variant, if this is the case you should go to the following web page and follow the instructions in the recovery section about halfway down on the page.

http://www.microsoft.com/technet/security/alerts/sasser.mspx

According to Microsoft this should solve your problem.

Nelson
Title: winlogon.exe problems
Post by: BrusLi on May 26, 2004, 02:37:06 PM
i had problem.. reboot... :)
and i apparently fixed it with SPY S&D....
Title: winlogon.exe problems
Post by: Christian on May 27, 2004, 03:11:59 PM
For the people at the beginning of this thread... do you run Ad-Aware & Spybot? Both freeware & excellent for cleaning out data miners & tracking components. Data miners & tracking components, to my understanding, will eat up resources within your computer. You also need to delete all toolbars & toolbuttons as well because they are tracking components within your browser. Delete start up registry keys for anything you don't need to run continuously... such as Real scheduler, Quicktime, cd utilities, Messenger Service (a must do unless you use MSN messenger like you use your left hand, first go to messenger preferences & uncheck to start when windows boots).
Then if you're running XP or 2000 and would like to further tweak go to BlackViper.com (http://www.blackviper.com) and look for Windows Service Configurations! Includes complete explanations of each service and advice on which services you can safely disable.
Title: winlogon.exe problems
Post by: Pako on May 29, 2004, 01:38:44 AM
Yes, I had this problem not so long ago.  It began by eating up my resources.  Couple of days later, I had the winlogon.exe problem at startup and I always had to reboot.  Tried to reinstall WinXP and I couldn't load my computer anymore (0x00000007b).  Had to load using last settings that worked, fix the problem (IDE channels problem apparently) and then winlogon.exe began to start eating up my resources again.

I bought and installed ZoneAlarm pro and disabled winlogon.exe access to the internet, and that solved the problem just great.  Apparently it is some type of Trojan/backdoor that loads something on the net, eating up the resources.  

So, as people previously said, try loading your computer while being disconnected to the internet.  If you absolutely must use internet, buy Zonealarm until a fix is found.

The main point of this post is to sum up previous ones and advise people NOT to try reinstalling XP.
Title: winlogon.exe problems
Post by: Pako on May 29, 2004, 01:45:58 AM
As for Microsoft suggesting Nancy to end the task, how the hell are you supposed to end winlogon.exe ?  It is system.
Title: winlogon.exe problems
Post by: another guest on May 29, 2004, 02:00:04 PM
I'm having kind of the same problem.  I run auto protect on norton and it said I had a trojan.  It couldn't remove it, so I tried to remove it with spysweeper. It says I have Captain Menmo and Winlogon trojan.  I quarantine them and delete them, but they just keep showing up.  I don't know if this is related at all to this topic, but could someone help?
Title: winlogon.exe problems
Post by: Pako on May 29, 2004, 04:27:48 PM
Remove spysweeper from your computer and download Spybot S&D instead.  If this still doesn't work, try Ad-aware (they are both freeware).

As for virus scanning, try Panda ActiveScan.  It is an online scanning device that bypasses the ability of some virii to lock the anti-virus.

If your computer remains infected, you will have to note on a piece of paper which files you need to delete using Norton and delete them with WinXP recovery console (load from the WinXP installation cd and press R when you are prompted to do so).

Winlogon infections seem to be related somewhat with VX2.BetterInternet.  You can download VX2Finder and save a log.  Copy and paste the log back here and I will help you as I can.
Title: winlogon.exe problems
Post by: Guest on May 29, 2004, 10:27:41 PM
I have the same problem as well, to fix it I ended task on the svchost.exe (largest mb one most are like 3 to 4 megs but there should be one that is around 15 to 20mbs) once that is ended I saw no negative side effects and winlogon.exe quickly ceased to use up any cpu usage. I did check for viruses but norton seems to only tell me I am clean......all I know my issue has to do directly with svchost
Title: winlogon.exe problems
Post by: Another Guest on May 30, 2004, 09:24:07 AM
well I entered safe mode and deleted the virus from the source.  It was a registry key.  It seemed to work because It doesn't show up on spy sweeper nor Norton.  However, I keep getting pop-ups from this CWS thing. I'm using Panda Active Scan, now, though for reassurance.
Title: winlogon.exe problems
Post by: Guest on May 30, 2004, 10:27:45 PM
You need to download cwshredder to get rid of cool web search (CWS)

Download from here:

http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Title: winlogon.exe problems
Post by: james on June 14, 2004, 05:41:22 AM
Hey

AGV says i got a trojan downloader.small.gs and the infected file is winlogon.exe

i have tried just about everything to get rid of it but nothing is working

help would be much appreciated

cheers

James
Title: winlogon.exe problems
Post by: Kenny on June 14, 2004, 11:11:09 AM
Hi.
Check out this page:

http://www.securemost.com/articles/trou_3_remove_windir_winlogon.htm
If you have trouble connecting, here's a short description:

It is a known technique that spyware, adwares, viruses, keyloggers etc use to hide from users - to drop files on the system that use the same name as a legitimate file but in a different directory. WinDir.winlogon locates a file winlogon.exe in %WinDir% on your system. The legitimate winlogon.exe file is located in %SystemDir%. Do not delete %WinDir%winlogon.exe unless you are 100% sure it is a threat.

If you find WINLOGON.EXE in your windows directory AND your Windows/System32 directory, try to rename WINLOGON.EXE in the windows dir.
It helped me.

Good luck
/KJ
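The location check Kenny's post describes, run over a HijackThis log, as an added example that is not part of the original thread. It goes one step further and also lists Run entries that load a DLL through rundll32, like the GreatDownloads line in the log from the first post. The list of System32-only names, the C:\WINDOWS system root and the sample log (modeled on that first log, with constructed C:\WINDOWS\winlogon.exe lines) are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: names that should only ever run from
# %SystemRoot%\System32 on Windows XP. Extend for your environment.
SYSTEM32_ONLY = {"winlogon.exe", "lsass.exe", "services.exe", "smss.exe",
                 "svchost.exe", "csrss.exe", "spoolsv.exe"}

# Matches HijackThis autostart lines such as: O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Return (running_process_paths, run_entries) from a HijackThis log."""
    processes, run_entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if PATH_RE.match(line):
                processes.append(line)
                continue
            in_processes = False  # blank line or other text ends the section
        m = O4_RE.match(line)
        if m:
            run_entries.append((m["hive"], m["name"], m["cmd"]))
    return processes, run_entries


def is_masquerading(path, system_root=r"C:\WINDOWS"):
    """True if a System32-only name is found in any other directory."""
    directory, name = ntpath.split(ntpath.normpath(path))
    if not directory or name.lower() not in SYSTEM32_ONLY:
        return False  # bare names are resolved via the search path: unknown
    expected = ntpath.join(system_root, "System32")
    return directory.lower() != expected.lower()


def split_command(cmd):
    """Split a Run value into (executable, arguments).

    Handles quoted paths and unquoted paths that contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    m = re.match(r"(?i)(.+?\.exe)(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), (m.group(2) or "")
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()


def rundll32_target(cmd):
    """Return the DLL a rundll32 autostart loads, or None for other commands."""
    exe, args = split_command(cmd)
    if ntpath.basename(exe).lower() not in ("rundll32.exe", "rundll32"):
        return None
    dll = args.split(",", 1)[0].strip().strip('"')
    return dll or None


def audit(text):
    """Return a list of (finding_type, detail) tuples for manual review."""
    processes, run_entries = parse_log(text)
    findings = []
    for path in processes:
        if is_masquerading(path):
            findings.append(("masquerading-process", path))
    for hive, name, cmd in run_entries:
        exe, _ = split_command(cmd)
        if is_masquerading(exe):
            findings.append(("masquerading-autostart", f"{hive} [{name}] {exe}"))
        dll = rundll32_target(cmd)
        if dll:
            findings.append(("rundll32-autostart", f"{hive} [{name}] {dll}"))
    return findings


# Constructed sample: the two C:\WINDOWS\winlogon.exe lines are made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [GreatDownloads] rundll32.exe  C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:GreatDownloads:t
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

A rundll32 autostart is only a lead for review, since legitimate software also registers such entries; the masquerading findings are the ones that match the post's description directly.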
Title: winlogon.exe problems
Post by: Teresa on June 17, 2004, 09:29:42 AM
My Zone Alarm recently keeps saying that bootvid.exe wants to access the internet.  I don't know what this program is, so I always Deny it.  Does anyone know what bootvid.exe is?  Should I allow it?  Delete?  ??
Thanks.
T
Title: winlogon.exe problems
Post by: Guest on June 17, 2004, 07:56:13 PM
[quote name='Guest' date='May 29 2004, 09:27 PM']I have the same problem as well, to fix it I ended task on the svchost.exe (largest mb one most are like 3 to 4 megs but there should be one that is around 15 to 20mbs) once that is ended I saw no negative side effects and winlogon.exe quickly ceased to use up any cpu usage. I did check for viruses but norton seems to only tell me I am clean......all I know my issue has to do directly with svchost[/quote]
 How do you actually end the svchost? And which one?  There are several in the task manager.
Title: winlogon.exe problems
Post by: Guest on June 18, 2004, 08:11:44 PM
oh thank you for all the help i believe everything will be alright now.
i d/l everything that all you have given me and did what you all said
just to be safe. to erase the svchost you delete the one which is taking all the memory. that's what i did but then the winlogon.exe was giving me the problems so use this
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
that might work. thank you all again laters and take care.


                          "You got one life to live, so live it to the fullest."
                                                                 ---Dark Shadow--- B)
Title: winlogon.exe problems
Post by: Guest_guest on June 26, 2004, 02:46:33 PM
hello
I was having same problems with winlogon.exe and the pop-up messages. I had adaware spybot and CWSshredder and kept finding dll files used with winlogon.exe and rundll32.exe. If you shut down rundll32.exe the pop-ups stop but everytime you reboot a new dll file will be created.
you have to show all files including hidden and systems. I found vzdata.dll, once deleted you solve the problem.
Title: winlogon.exe problems
Post by: Isha on June 30, 2004, 02:03:25 PM
[quote name='Guest' date='May 7 2004, 11:26 AM']i have the same problem.. pls help me too![/quote]
Hey, i had the same prob.. but i updated and ran Ad-Aware6.0 and the thing is taken care of!
I'm so relieved!!  :P
Title: winlogon.exe problems
Post by: Guest_nick on July 02, 2004, 03:09:10 PM
just saw this thread.

winlogon.exe IS NOT sasser.  i work for ms in their pcsafety div.  i answer tech support lines for sasser and others all day long.

winlogon.exe, when infected, is the netsky.d worm.

sasser would give you an error with c:\windows\system32\lsass.exe when you attempt to get on the net.

there are also many other viruses that give this same error report, sdbot and korgo to name 2.

i can't stress enough to you guys that you MUST do windows update on a regular basis.  that is your best first defense for worms.

any questions, email quickquest88Email Removed (hopefully i won't get spammed).  i would be happy to help.  or call 1-866-pcsafety.  just a warning, not all agents are trained in all the virus/worm info.  some are smarter than others.  but we will be happy to help.
Title: winlogon.exe problems
Post by: Edward - New Zealand on July 04, 2004, 04:37:21 AM
I have had similar problems. Sometimes a virus can corrupt the system so badly that the only way is to back up your data and re-install your operating system.
The best solution I can offer people out there is install a good Antivirus package, and keep it up to date!
I work in the computer industry and my recommendation if you want a top class package. THE ONLY ONE I RECOMMEND IS NOD32 it is fast, auto updates and has not failed me yet. Check out the reviews and tests with other packages.
www.nod32.com - You will not regret it. By the way I do not work for them or get paid to promote their product.
Title: winlogon.exe problems
Post by: xavi on July 10, 2004, 08:33:59 PM
[quote name='jellybean' date='May 4 2004, 01:28 PM']hi,
   I am having a lot of problems with my winlogon.exe taking my CPU usage up to 100%. Could somebody take a look at the HijackThis log below and indicate what the problem might be/what to get rid of or repair? I would greatly appreciate the help.
Regards
Jellybean
[/quote]
 delete: O4 - HKCU\..\Run: [GreatDownloads] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar
Title: winlogon.exe problems
Post by: RESRUDEBOY on August 04, 2004, 05:08:19 AM
I've got the same problem, and reading this post helped a little. I'm guessing it's a virus of some sort, but so far there have been 3/4 different viruses mentioned.

Can anyone explain to me how to get into the OS with the winlogon error showing? It seems to pop up as soon as I boot up, then reboots when I click debug. :blink:
Title: winlogon.exe problems
Post by: Guest on August 14, 2004, 02:55:06 AM
-------------------Solution-----------------------
Start in Safe mode by pressing F8 when booting when it says
Verifying DMI Pool Data or something like that. Choose boot in safe mode, if you have broadband, go to Internet and get all XP Patches and run a virus scan. *XP SP2 is out soon!* log on as the Administrator.
Get the right patches and you are there!

C.G.
TMB International
http://www.tmb.net.tc