| View previous topic :: View next topic |
| Author |
Message |
Xerophyia
Member
Joined: 20 Jan 2004
Posts: 3
Points: 0
|
| Posted: Tue 01/20/2004 1:30am [Post #1] |
|
|
Hi Im new and I have a question about an error that I have popping up on my computer.
My question is:
When I boot my computer I have the following error:
Problem with Shortcut
The drive or network connection that the shortcut "updater .lnk"
refers to is unavailable. Make sure that the disk is properly
inserted or the network resource is avaible and try again.
I'm running Windows 2000 Professional.
Also, In the log below I only see one entry that says anything about an updater .lnk is something with Norton Antivirus
and refering to the in the recycling bin
(O4 - Global Startup: updater.lnk = C:\RECYCLER\NPROTECT\00027604.exe)
When I checked the box to get details on it, it gave me an example with a newdotnet file.
I remember I had a newdotnet file or actually multiple files, I came across in Ad-Aware 6.0 there I remember deleting in the program a while back.
I think that's about when this problem started..
What is this file and should I have deleted it? Or you dont think it's of any importance to my problem?
I'm just trying to make a guess...
Thanks.
Also theres alot of things running in the background that I dont know how to take out..Can u help with that?
This is my hijack log I just did..
I am new please exuse my ignorance..
Please be gentle this is my first post 
Logfile of HijackThis v1.97.7
Scan saved at 12:50:27 AM, on 1/20/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 8.0a\waol.exe
C:\Program Files\America Online 8.0a\shellmon.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\Lena Holt\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.syspage.com/ads/homepagesai.php?id=start1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINNT\System32\msdlgk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [version] C:\WINNT\System32\version.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: updater.lnk = C:\RECYCLER\NPROTECT\00027604.exe
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.c ab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.ca b
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/Smiley CentralInitialSetup1.0.0.6.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-7 7E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1948e8fcee1f07929704/netzip/RdxIE6 01.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg. cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/i uctl.CAB?37915.5221064815
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.ca b
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash /swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/L2M.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DD3B80E-2CCA-4C7F-A 643-15F553EF5600}: NameServer = 205.188.198.4 |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
 |
bluedog
Member
Joined: 26 Dec 2003
Posts: 10
Points: 3
|
| Posted: Tue 01/20/2004 6:24am [Post #2] |
|
|
Hi,
CLose all browser window...only have HijackThis running.
Use HJT to FIX the below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.syspage.com/ads/homepagesai.php?id=start1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINNT\System32\msdlgk.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [version] C:\WINNT\System32\version.exe
16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/Smiley CentralInitialSetup1.0.0.6.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1948e8fcee1f07929704/netzip/RdxIE6 01.cab
16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/L2M.cab
Reboot into Safe Mode....(tap F8 key during reboot...choose "Safe Mode" from menu)
Do a "SEARCH" and delete the below files/folder:
C:\Program Files\BroadJump\Client Foundation\CFD.exe ...delete "CFD.exe" file.
C:\Program Files\Common Files\slmss\slmss.exe ... delete "Slmss folder.
C:\WINNT\bxxs5.dll ....delete "bxxs5.dll" file
C:\WINNT\System32\version.exe ....delete "version.exe" file
Reboot and please post back a new log |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
steamwiz
Supreme Guru
Joined: 12 Sep 2003
Posts: 14022
Points: 2332
Location: Yorkshire U.K.
|
| Posted: Tue 01/20/2004 7:11am [Post #3] |
|
|
Hi
Fix this and it will get rid of your startup error message :-
O4 - Global Startup: updater.lnk = C:\RECYCLER\NPROTECT\00027604.exe
Also add these to bluedog's list :-
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
steam
_________________
Look here for Ways to keep your computer safe
M'SOFT MVP -Windows Security 2004/8 .member ASAP - UNITE |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
whoozhe
Help2Go Moderator
Joined: 01 Jan 2001
Posts: 8567
Points: 798
Location: Wallaroo South Australia
|
| Posted: Wed 01/21/2004 3:22am [Post #4] |
|
|
The file in question is Nortons Updater that is installed by default. Like anything Norton makes it's guaranteed to cause problems.
_________________
Take control of your life. Leave others to control their own. |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
Xerophyia
Member
Joined: 20 Jan 2004
Posts: 3
Points: 0
|
| Posted: Thu 01/22/2004 7:13pm [Post #5] |
|
|
Ok I fixed that updater link that popup is gone..Thank you!
Now to the SafeMode part..Never did this so I have get a little bit more detailed info on how to do it.. I know when you reboot hit F8 then what?
I've never been in there so dont know what things look like and where to go from there..So please tell me what I should do..
Also SteamWiz put some files down do I delete those as well?
Thanks for all the help guys..I'm lost but I'm slowly finding my way here..It's scary when your not sure what youre doing..  |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
steamwiz
Supreme Guru
Joined: 12 Sep 2003
Posts: 14022
Points: 2332
Location: Yorkshire U.K.
|
| Posted: Fri 01/23/2004 6:55am [Post #6] |
|
|
No....do NOT delete any of the files in my post...just fix with HJT
Regards Safemode..it looks different because many of the drivers are not loaded...but you use it just the same.
steam
_________________
Look here for Ways to keep your computer safe
M'SOFT MVP -Windows Security 2004/8 .member ASAP - UNITE |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
Xerophyia
Member
Joined: 20 Jan 2004
Posts: 3
Points: 0
|
| Posted: Fri 01/23/2004 6:51pm [Post #7] |
|
|
Ok im gonna do all that..but as of me fixing that updater .lnk with HJT my computer now it will not shut down.
I do not know if it's related but I hope not..That's my next question..How do I fix that?
I'm gonna do as your post asks after I get a reply to this question..Now that my computer is unable to be shutdown now..should I still fix with HJT?
I'm getting really concerned now...
Im trying to make sure I cover all the bases before I mess anything else up..Making sure u guys have all the facts..
I'll wait for an answer now..Thanks guys... |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
steamwiz
Supreme Guru
Joined: 12 Sep 2003
Posts: 14022
Points: 2332
Location: Yorkshire U.K.
|
| Posted: Sat 01/24/2004 10:39am [Post #8] |
|
|
OK
I'm trying to understand exactly what you have done so far...
I've double checked everything you've been told to do in this thread.....and i don't see anything that could cause this to happen.
In the folder with your hijackthis.exe...you will find a backup of everything you removed with HJT.
double click the backup and reboot...
You may get several error messages relating to files you have removed from the harddrive....this is because you have put run keys back for files which are now missing....dont worry we can take out the run keys again to get rid of the error messages.
Of course if all you have done is fix the one entry.....
O4 - Global Startup: updater.lnk = C:\RECYCLER\NPROTECT\00027604.exe
then the above pragraph does not apply.....just double click the backup file to put it back....see if your computer shuts down again.
Don't fix or delete anything else untill we know exacty what you have done already.
steam
_________________
Look here for Ways to keep your computer safe
M'SOFT MVP -Windows Security 2004/8 .member ASAP - UNITE |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
Basementgeek
Supreme Guru
Joined: 01 Jan 2003
Posts: 12000
Points: 1188
|
| Posted: Sat 03/06/2004 12:08pm [Post #9] |
|
|
This post/thread is locked because others trying to add/continue it.
If others are having a similar problems you NEED to start a New Topic
Cheers  |
|
| |
This post has: 0 recommendations
|
| Back to top |
|
|
|
