Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

This Is Driving Me Nuts!


  • Please log in to reply

#1
webcyber

webcyber

    New Member

  • Member
  • Pip
  • 2 posts
This all began on Thursday 9/16/2004. Entirely my fault. I was installing an Internet Explorer update (specifically Q832894.exe) when suddenly McAfee popped up and told me it was suspicious of a file trying to execute the "Run" command. Unfortunately, believing it to be part of the update process, I allowed it to run. Shortly thereafter I found myself in the middle of "POP-UP Land."

Initially I tried to track down and excise the problem from a DOS prompt in Safe Mode, but I was a little overzealous and accidentally deleted (renamed) 4 critical files needed to launch Windows.

Feeling that I had rid myself of this annoyance, I decided it best to re-install Win2K as an upgrade so as to avoid re-installing all of my software - to restore any other critical files I might have accidentally renamed, deleted or moved.

This is when the REALLY wierd stuff began to happen. Every time I tried to run a software installation, MSIEXEC would launch the installation for some software that was alreday installed and would NOT run the intended installation. I finally got that to stop by deleting the application it kept referring to. I would note, however, that I still get the Installation dialogue every now and again for no reason.

Additionallly, whatever this is\was trashed my registration for an application which I had a hand in writing, telling me it was no longer registered. SHEESH!

Furthermore, I was getting symptoms of the first problem again as well - and sure enough, I found conscorr.exe once again on my HD. <_<

My search for help brought me here and I found instructions for the removal of the malware involving localNRD.dll and conscorr.exe. I followed those instructions and indeed I seem to be rid of that particular headache, but I am left with all of this OTHER stuff!

Those instructions also recommended particular software, in addition to HJ that I am now running.

Frankly, I am baffled. I've never seen anything like this. I'm running Win2k Pro - currently with SP4. The symptoms are odd and many. Whatever it is disabled McAfee and will not allow the updated, downloaded version to run. (The original version and DAT files date back to May 2004.) THAT version reports no virus, but again, it is not a current DAT file.

The right-hand panels of my Help files and of Control Panel refuse to display and I get the following error message:

-------------------------------------
An error has occured in the script on this page.

Line: 361
Char: 13
Error: 'gFolder.HaveToShowWebViewBarricade' is null or is not an object
Code: 0
URL: file://C:\WINNT\Folder.htt

Do you want to continue running scripts on this page?

YES NO
-----------------------------------------------

Ad-Aware tells me I currently have no problem. Suddenly now, when I try to run HijackThis, I get 3 error messages. Note that HijackThis resides in its own directory on a HD as recommended and initially ran just fine, including doing backups and saving log files.

1. When the app first opens, I get this:
"It looks like you're running HijackThis from a read-only device like a CD or locked floppy disk. If you want to make backups of items you fix, you must copy HijackThis to your hard disk first and run it from there."

2: When I hit the Scan button now, I get this:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this...." etc.

3. Then, when I go to save the log, no matter which drive I try, I get this dialogue:

------------------------------------
"An unexpected error has occurred at procedure: cmdScan_Click()
Error #48 - Error in loading DLL

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error

Windows version: Windows NT 5.00.2195
MSIE version: 6.0.2800.1106
HijackThis version: 1.97.7

This message has been copied to your clipboard."
--------------------------------------------------

The only way I could think of to record the results was to do a screen capture. I have placed a GIF (27 K) of the log file at:

http://www.webcyber..../HijackThis.gif

Here also is a copy of my SpyBot results:

---------------------------------------------
- Search result list ---

--- Spybot - Search && Destroy version: 1.3 ---
2004-08-11 Includes\Cookies.sbi
2004-09-16 Includes\Dialer.sbi
2004-09-16 Includes\Hijackers.sbi
2004-09-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-09-16 Includes\Malware.sbi
2004-08-12 Includes\Revision.sbi
2004-09-16 Includes\Security.sbi
2004-09-16 Includes\Spybots.sbi
2004-08-30 Includes\Tracks.uti
2004-09-16 Includes\Trojans.sbi


--- System information ---
Windows 2000 (Build: 2195) Service Pack 4
/ DataAccess: Microsoft Data Access Components KB870669
/ Windows 2000 / SP4: Windows 2000 Service Pack 4
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB835732


--- Startup entries list ---
Located: HK_LM:Run, 1A:Stardock TrayMonitor
command: "C:\Program Files\Common Files\stardock\TrayServer.exe"
file: C:\Program Files\Common Files\stardock\TrayServer.exe
size: 81920
MD5: b622763090173e9083788edaf2da079f

Located: HK_LM:Run, BootSkin Startup Jobs
command: "D:\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
file: D:\Stardock\WinCustomize\BootSkin\bootskin.exe
size: 270336
MD5: 998492d3c53eef257308c016ac9dd825

Located: HK_LM:Run, DeviceDiscovery
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 40960
MD5: 7d750887e39563620bc5f057295a501d

Located: HK_LM:Run, HP Software Update
command: "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
file: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: e558cde2913daa077d4e25732d1aa176

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
file: C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
size: 172032
MD5: 25328ff38d128ef5891c13843168c30b

Located: HK_LM:Run, InCD
command: C:\Program Files\Ahead\InCD\InCD.exe
file: C:\Program Files\Ahead\InCD\InCD.exe
size: 1237042
MD5: ebfd042559102f81b22b7d99ff3300c5

Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
file: C:\WINNT\Logi_MwX.Exe
size: 19968
MD5: cddabeaca10942f0ddde962fe0dac71a

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINNT\system32\NeroCheck.exe
file: C:\WINNT\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
file: C:\WINNT\system32\RUNDLL32.EXE
size: 10000
MD5: 1ed5274825cd1eebbe102b9ff7c9ec31

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINNT\system32\RUNDLL32.EXE
size: 10000
MD5: 1ed5274825cd1eebbe102b9ff7c9ec31

Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111376
MD5: 9b2f5b9e745deaaa57fb78329ed03061

Located: HK_LM:Run, WinPatrol
command: D:\WinPatrol\winpatrol.exe
file: D:\WinPatrol\winpatrol.exe
size: 110592
MD5: db9446a20ba166236e14e10efbd3781e

Located: HK_CU:Run, CursorXP
command: D:\Stardock\Object Desktop\CursorXP\CursorXP.exe
file: D:\Stardock\Object Desktop\CursorXP\CursorXP.exe
size: 78848
MD5: 0af586321121c7421a0259a2b8cb54fd

Located: HK_CU:Run, SpybotSD TeaTimer
command: D:\Spybot\TeaTimer.exe
file: D:\Spybot\TeaTimer.exe
size: 1038336
MD5: 58f7e6434d285f4c98ad3621e0bd8c8d

Located: Startup (common), BARCLOCK.EXE.lnk
command: D:\Barclock\BARCLOCK.EXE
file: D:\Barclock\BARCLOCK.EXE
size: 103424
MD5: 8c2704ae2e0ce144cf54a0240e072c28

Located: Startup (common), PopMenu exe.lnk
command: D:\WinBatch\System\popmenu.exe
file: D:\WinBatch\System\popmenu.exe
size: 98304
MD5: 075202fb17774389794b345b267e595b



--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: D:\Spybot\
Long name: SDHelper.dll
Short name:
Date (created): 05/12/04 1:03:00 AM
Date (last access): 09/21/04 5:32:40 AM
Date (last write): 05/12/04 1:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 09/13/04 1:17:12 PM
Date (last access): 09/21/04 5:32:40 AM
Date (last write): 07/21/04 12:31:58 PM
Filesize: 708608
Attributes: readonly archive
MD5: 76E459F4BDB7DE4DC828CF70CC6B94A2
CRC32: 8E5AF09F
Version: 0.2.0.0



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: C:\WINNT\
Long name: opuc.dll
Short name:
Date (created): 08/27/03 7:10:30 AM
Date (last access): 09/19/04 10:31:40 AM
Date (last write): 08/27/03 7:10:30 AM
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 0.11.0.0

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ()
DPF name:
CLSID name:

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0\bin\
Long name: NPJPI150.dll
Short name:
Date (created): 09/18/04 3:21:24 AM
Date (last access): 09/18/04 2:25:40 PM
Date (last write): 09/18/04 3:21:24 AM
Filesize: 69740
Attributes: archive
MD5: 02803361D449A72585549856AD253BB9
CRC32: 65E663C8
Version: 0.1.0.5

{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
DPF name:
CLSID name: Update Class
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\System32\
Long name: iuctl.dll
Short name:
Date (created): 08/25/03 9:06:50 PM
Date (last access): 09/19/04 10:30:04 AM
Date (last write): 08/25/03 9:06:50 PM
Filesize: 115808
Attributes: archive
MD5: 8757E24D6B002FD7E9EF3A6DF697BA57
CRC32: C4F85003
Version: 0.5.0.4

{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object)
DPF name:
CLSID name: SassCln Object
Path: C:\WINNT\Downloaded Program Files\
Long name: SassCln.dll
Short name:
Date (created): 05/11/04 1:15:20 PM
Date (last access): 09/21/04 6:01:30 AM
Date (last write): 05/11/04 1:15:20 PM
Filesize: 118784
Attributes: archive
MD5: A41CA01D1F7E6F64BCD08C88FAEAF85F
CRC32: B5166F79
Version: 0.1.0.0

{A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object)
DPF name:
CLSID name: GDIChk Object
Path: C:\WINNT\Downloaded Program Files\
Long name: GDIChk.dll
Short name:
Date (created): 09/09/04 3:17:40 PM
Date (last access): 09/21/04 6:01:30 AM
Date (last write): 09/09/04 3:17:40 PM
Filesize: 65272
Attributes: archive
MD5: 56AF5FF66A5F8F927411B59B66107C84
CRC32: 61E0CF2E
Version: 0.1.0.0

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} ()
DPF name:
CLSID name:

{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_04

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0
Path: C:\Program Files\Java\jre1.5.0\bin\
Long name: NPJPI150.dll
Short name:
Date (created): 09/18/04 3:21:24 AM
Date (last access): 09/21/04 6:15:32 AM
Date (last write): 09/18/04 3:21:24 AM
Filesize: 69740
Attributes: archive
MD5: 02803361D449A72585549856AD253BB9
CRC32: 65E663C8
Version: 0.1.0.5

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Path: C:\WINNT\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 09/17/04 12:58:52 PM
Date (last access): 09/19/04 10:32:24 AM
Date (last write): 09/17/04 12:58:52 PM
Filesize: 91208
Attributes: archive
MD5: 7CF27CE3D798F17CED2CD7D2C9F9A658
CRC32: FDF875E1
Version: 0.2.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 09/21/04 6:15:30 AM

PID: 0 ( 0) [System]
PID: 8 ( 0) System
PID: 148 ( 8) \SystemRoot\System32\smss.exe
PID: 172 ( 148) CSRSS.EXE
PID: 192 ( 148) \??\C:\WINNT\system32\winlogon.exe
PID: 220 ( 192) C:\WINNT\system32\services.exe
PID: 232 ( 192) C:\WINNT\system32\lsass.exe
PID: 268 ( 976) C:\Program Files\Internet Explorer\iexplore.exe
PID: 416 ( 220) C:\WINNT\system32\svchost.exe
PID: 432 ( 976) D:\Spybot\TeaTimer.exe
PID: 444 ( 220) C:\WINNT\system32\spoolsv.exe
PID: 472 ( 220) C:\WINNT\system32\drivers\CDAC11BA.EXE
PID: 492 ( 220) C:\WINNT\system32\cisvc.exe
PID: 512 ( 220) C:\WINNT\System32\svchost.exe
PID: 552 ( 220) C:\Program Files\Ahead\InCD\InCDsrv.exe
PID: 608 ( 220) C:\WINNT\system32\nvsvc32.exe
PID: 612 ( 220) C:\WINNT\System32\WBEM\WinMgmt.exe
PID: 668 ( 220) C:\WINNT\system32\regsvc.exe
PID: 704 ( 220) C:\WINNT\system32\MSTask.exe
PID: 740 ( 220) C:\WINNT\system32\stisvc.exe
PID: 888 ( 976) D:\Stardock\Object Desktop\CursorXP\CursorXP.exe
PID: 976 ( 980) C:\WINNT\Explorer.EXE
PID: 1000 ( 192) C:\Program Files\Common Files\Stardock\SDMCP.exe
PID: 1108 ( 976) C:\Program Files\Common Files\stardock\TrayServer.exe
PID: 1124 ( 492) C:\WINNT\system32\cidaemon.exe
PID: 1156 ( 976) C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PID: 1164 ( 976) D:\WinPatrol\winpatrol.exe
PID: 1180 ( 976) C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb08.exe
PID: 1184 ( 976) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PID: 1188 ( 976) C:\Program Files\Ahead\InCD\InCD.exe
PID: 1204 (1148) C:\Program Files\Logitech\MouseWare\system\em_exec.exe
PID: 1216 ( 976) D:\Opera75\opera.exe
PID: 1292 ( 976) D:\gator32\Gator32.exe
PID: 1332 ( 976) C:\WINNT\notepad.exe
PID: 1344 ( 192) C:\WINNT\system32\taskmgr.exe
PID: 1368 ( 432) D:\Spybot\SpybotSD.exe
PID: 1384 ( 976) C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID: 1404 ( 220) C:\WINNT\System32\svchost.exe
PID: 1464 ( 976) C:\WINNT\system32\mmc.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 09/21/04 6:15:30 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
file:///D:/Web%20Stuff/web1.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page_bak
file:///D:/Web%20Stuff/web1.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEAD798A-3C4A-452C-A1CB-AF2AD97D3FED}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEAD798A-3C4A-452C-A1CB-AF2AD97D3FED}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F004253-1742-4073-8086-20E3A11B114F}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F004253-1742-4073-8086-20E3A11B114F}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{339CD3FD-F30A-4047-B1A1-A235C84E86C8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{339CD3FD-F30A-4047-B1A1-A235C84E86C8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\rnr20.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
--------------------------------------------------

I don't know if this helps, but here are the results of FoldAlyzer on my HijackThis folder:

--------------------------------------------------
"hijackthis2.log","filesize=3,md5=DADAFE066983AB646E8550013FB7DA13"
"hijackthis1.log","filesize=5581,md5=AC1298A1979F46B8BCE83E95EF6F5480"
"HijackThis.exe","filesize=160768,md5=489B23140A4E720B69475DB97A409E8F"
"backup-20040920-113006-730","filesize=74,md5=DFF88F9CF6C28BA2904CED6786D7CBFB"
"backup-20040920-113006-686","filesize=56,md5=6FEA3A0B2D1AB626B1FF0F767346D17A"
"backup-20040920-113006-151","filesize=68,md5=E5AF97377ABAA3EECA540A75BD56F26E"
"backup-20040920-112710-946","filesize=118,md5=5847557E91FFABFE4489AB88D8E8B9B1"
"backup-20040920-112710-938","filesize=78,md5=D1BC14D4917513690F3C0187BC40A4F9"
"backup-20040920-112710-850","filesize=104,md5=32C609D8B1E3F317B1C33296D17D840E"
"backup-20040920-112710-792","filesize=110,md5=C50BE61EA7E1E764A055CCBF88FF7938"
"backup-20040920-112710-760","filesize=123,md5=232B1FE90226DFAFB5253DB1D925570E"
"backup-20040920-112710-735","filesize=84,md5=D374B90D558354DCE93C0E419A760CC3"
"backup-20040920-112710-726","filesize=103,md5=2451460C21390B249FA924937BA288D1"
"backup-20040920-112710-718","filesize=116,md5=DFAB74D094DBD58245625163C1E1B7E3"
"backup-20040920-112710-713","filesize=47,md5=D2BA66716C98607221570D8178016159"
"backup-20040920-112710-711","filesize=117,md5=B2829BD5E006A9A0BE62F0D123542C8F"
"backup-20040920-112710-709","filesize=116,md5=6297D7F469C7D361D7AF59CDC7769455"
"backup-20040920-112710-583","filesize=117,md5=57BF3483AA1286DA245D6F1BA5BB7406"
"backup-20040920-112710-521.dll","filesize=286720,md5=2A0212B045D5809B328CA1CAAB4596DD"
"backup-20040920-112710-521","filesize=83,md5=68B73C382881020ACCB96EF72E1227A7"
"backup-20040920-112710-488","filesize=117,md5=EBF6A370868D635746FC325B67F93E8B"
"backup-20040920-112710-465","filesize=122,md5=3F7912B3F93B59615A8544D4708360F1"
"backup-20040920-112710-459","filesize=101,md5=1A868355F6CD0023694267757F43E3F1"
"backup-20040920-112710-442","filesize=101,md5=280F10DB0B4311F6C6C8BBDC4DC3EA72"
"backup-20040920-112710-378","filesize=72,md5=B79F7D8908E1F921B1B6F2624D5A9EAB"
"backup-20040920-112710-333","filesize=68,md5=B0E9B31856CBB4B28ED6606209CEC3DB"
"backup-20040920-112710-291","filesize=44,md5=DDAA944499667A0EB2BD19767BA78D4A"
"backup-20040920-112710-233","filesize=61,md5=65A8215B30506A31256A8AE0CB6BD270"
"backup-20040920-112710-202","filesize=122,md5=3FD2999F0D9F23C54E833DBEB94DCC7E"
"backup-20040920-112710-156","filesize=101,md5=D5FB96C1BA6444C902ACADBEC8F7A8A1"
"backup-20040920-112710-105","filesize=74,md5=CD3CC0EE69DD2B64696DE05D43488B2D"
"hijackthis3.log","filesize=3,md5=DADAFE066983AB646E8550013FB7DA13"
-----------------------------------------------

The last item in the above list is what resulted after encountering the 3 error messages mentioned above. It saved a file with the name I chose, but the file was empty.

Another odd item I just noticed. In my IE6 (v6.0.2800.1106) I am unable to "go" anywhere when I click on a link within the body of a page or when I choose "Open Link". Nor am I able to get any result from choosing "Open Link in New Window." All of the other items in the menu resulting from a right mouse click DO seem to be working. VERY strange!

Is this enough information to have an idea about what I've got here?

Any and all help will be GREATLY appreciated.

Looking forward to replies.. gratefully,

Webcyber
  • 0

Advertisements


#2
webcyber

webcyber

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Well.. 2 items:

1. I apologize if I posted this in the wrong forum.

2. If anyone is interested... after picking over the files in WinNT and WinNT\System32 (getting rid of what I hope was the last of the "localNRD.dll thing") and fixing the details of my McAfee services AND re-installing the OS, I believe I'm running OK now.

I just have to figure out why McAfee isn't loading VirusScan automatically after a reboot.

Peace,

Webcyber
  • 0

#3
Hemal

Hemal

    Founding Fart

  • Technician
  • 1,470 posts
have you tried a system restore to before the point when installing the internet explorer update?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP