Hi. PLEASE HELP ME. I am having a problem with my system, I hope someone can help.
It runs extremely slow. I have virtual memory too low messages, odd error messages, dll errors, exe errors. The computer crashed about 6 months ago. I ran the system restore disks but the same problems still exist. I have e-anthology manager and McAfee installed and both have found spyware, adware, and quite a few trojan viruses. I have spoken with Compaq and the support center from where I bought this computer; calling Compaq was a waste of time. The support center told me it was from viruses and that I should run a virus scanner to see and that it was probably a bad "master boot?". This is really getting frustrating because it also freezes. One other thing: it will also lock and says only an administrator can unlock, but nothing works except the power switch.
Also, I have a question about the registry. I have a few items on there that I have no idea what they are. c:\windows\system\hpsydrv.exe, c:\windows\system32\igrxtray.exe, and c:\windows\SMINST\RECGAURD.exe. Anyone have any ideas? It would be greatly appreciated.

If restore disks (presume these take system back to original 'factory' condition) don't produce a stable machine, then it's almost certainly a hardware problem. If it's under warranty (or was when the problem started), I would return it to be fixed/replaced.
Otherwise it's an elimination process - and if it's a Compaq, likely hit 'proprietary' issues due to the way they set up their machines.

Hi bradymom6,
Do at least one Anti-Virus scan. Then Spybot and Adaware (remember to update them first).
And after that, create a HijackThis log and post it on the Security & Virus forum. Include the info about the scans you did.

Anti-Virus:
▫ [on-line] BitDefender Anti-Virus
▫ [on-line] RAV Anti-Virus (AV Security)
▫ [on-line] ActiveScan Anti-Virus (Panda)
▫ [on-line] HouseCall Anti-Virus (Trend Micro)
▫ nod32 Anti-Virus (eset)
▫ F-Prot Anti-Virus (F-Secure)
▫ AVG Anti-Virus (Grisoft)

Anti-Spyware:
▫ Spybot Search & Destroy (Safer Networking)
▫ Ad-aware (Lavasoft)
▫ CWShredder (Merijn.org)
▫ TDS-3 (DiamondCS)
▫ Pest Patrol
▫ [on-line] TrojanScan (GFi)
Keep in mind that some of them may need to be updated over the web first when started, and before zapping the baddies!

▫ HijackThis (Merijn.org)
___________________________________________
☺ [Belgium, GMT+1]_________________________svg

I ran the Eanthology scan a week ago, and had some spyware, adware, and a few trojan viruses. The program deleted and stopped them, but I still had the same problems. Today after I spoke to the support person, I purchased McAfee VirusScan and scanned the system. Unfortunately, I can't find the log. It did find about 8 trojan viruses and 72 spyware and adware, all of which were removed or quarantined. As far as when I spoke with the support person about getting it repaired, I was told that it was a virus and software problem, not a hardware problem, and was told to contact a repair service in my area that could come out and check it and fix any problems if necessary. Unfortunately, that is a little too expensive for me right now. So I downloaded the HijackThis program and found this site (not in that order). Here is the log as requested.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Charlotte & Bobby\Local Settings\Temporary Internet Files\Content.IE5\RUSFZ9G5\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stop-sign.com/support/homepage.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/1B/assist.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll (file missing)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll (file missing)
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\ieHook.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.9.0\HbHostIE.dll (file missing)
O2 - BHO: (no name) - {CEFBE15B-2F3C-FF7F-4D39-CEB6F343CF8E} - C:\WINDOWS\system32\tqktcmsr.dll (file missing)
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\COMETS~1\Platform\Bin\csbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.exe /b Startup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.exe -k
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/arrtv.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_274.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C1145550-A454-11D4-9020-00D0B7239081} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstallerRaptor.cab
Thanks for the help. :)
Bradymom6

Remove all that adware. It kills your computer and takes up tons of memory. My friend's computer once had over a gig of paging file because of the adware.

First, move Hijack This to a permanent directory like c:\program files\hijack this\hijackthis.exe. This way you can undo any changes if something goes wrong.
Put a check next to these, click "fix checked" and reboot.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
O2 - BHO: (no name) - {CEFBE15B-2F3C-FF7F-4D39-CEB6F343CF8E} - C:\WINDOWS\system32\tqktcmsr.dll (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll (file missing)
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\ieHook.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.9.0\HbHostIE.dll (file missing)
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\COMETS~1\Platform\Bin\csbho.dll
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/arrtv.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_274.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab

After a restart, turn off and on, post another log.
Stop Sign is not very good, will work on that later.
Good luck, there is more to do, just cleaning the junk first.

For once, I don't mind being beaten to the punch! :) Bradymom6, you're in the safe hands of Abnormal!
I'm gonna post this anyway, so there will be doubling going on.

Spybot & Adaware should get most of the crap, but some of them will not be KO in the first round, so definitely repost a new log after zapping them.
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
▫ Some people consider WildTangent to be adware, because it installs without telling you (even major companies install it with their products). Leave it, but know it's there.
C:\Program Files\Common files\updater\wupdater.exe
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
▫ KeenValue / IncrediFind (doxdesk)
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O11 - Options group: [CommonName] CommonName
▫ CommonName
▫ CommonName (doxdesk)
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\COMETS~1\Platform\Bin\csbho.dll
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_274.cab
▫ CometCursor (doxdesk)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stop-sign.com/support/homepage.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/1B/assist.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
▫ make HijackThis fix them
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll (file missing)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/arrtv.cab
▫ Transponder / VX2.ABetterInternet /NetPal /FavoriteMan (doxdesk)
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\ieHook.dll
▫ [Critical] IEHook ASN.1 EXPLOIT (Microsoft)
▫ This one will require some more attention, but install the critical updates first, and then we'll try to delete it.
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
▫ MyWebSearch /FavoriteMan (doxdesk)
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
▫ DownloadReceiver
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
▫ ClearSearch / IGetNet
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
▫ Adware.WinFavorites / bridge.dll (Norton Symantec)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.9.0\HbHostIE.dll (file missing)
▫ HotBar (doxdesk)
O2 - BHO: (no name) - {CEFBE15B-2F3C-FF7F-4D39-CEB6F343CF8E} - C:\WINDOWS\system32\tqktcmsr.dll (file missing)
▫ Related to one of the above baddies, but random name.
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
▫ Blazefind /IE SearchBar (Kephyr)
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
▫ Not sure, if you installed them, then keep'em.
O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstallerRaptor.cab
▫ Probably legit, but if you want to uninstall it, then follow this link:
▫ BuddyLinks
___________________________________________
☺ [Belgium, GMT+1]_________________________svg

Thanks for the help. I just checked this post, so I haven't done any of the recommendations yet (pretty busy around here w/kids) :) I will post to let you know what happened.
Thanks,
Bradymom6

Hey guys. Sorry it took me so long but I think I'm finally finished. There were a few things that I couldn't delete from the add/remove programs list; either it wasn't there or it wouldn't let me delete. Anyway, my system seems to be running a lot smoother and quicker :). I'm posting the HijackThis log like svg requested. Can you also tell me what needs to be taken off the start up list? It still is a little slow when starting.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\WINDOWS\System32\lexpps.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11113111-1411-1611-8111-111111111413} - mhtml:file://c:\nul.mht!http://www.capital-systems.net//browser.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {C1145550-A454-11D4-9020-00D0B7239081} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstallerRaptor.cab
Thanks again!
Bradymom6

Hi again, Bradymom6,
You certainly won the first round:
Bradymom said "knock you out":
KeenValue / IncrediFind (doxdesk)
CometCursor (doxdesk)
Transponder / VX2.ABetterInternet /NetPal /FavoriteMan (doxdesk)
[Critical] IEHook ASN.1 EXPLOIT (Microsoft)
DownloadReceiver
ClearSearch / IGetNet
Adware.WinFavorites / bridge.dll (Norton Symantec)
Blazefind /IE SearchBar (Kephyr)

But these survived into round two:
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
▫ Just to re-iterate: Some people consider WildTangent to be adware, because it installs without telling you (even major companies install it with their products). Leave it (because some programs may stop working when it's removed), but know it's there.

C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
▫ CommonName / Winnet
Removal:
You must first kill the 'winnet.exe' process (otherwise, it will keep setting itself up to run automatically). Press Ctrl-Alt-Delete and open the Task Manager. If you are using Windows NT/2000/XP, choose the 'Processes' tab to list all programs. Choose 'winnet.exe' and end the process.

Open the registry (Start->Run-> type regedit into the RUN-box).
In the left pane, browse to:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}
Doubleclick it to see the subkeys.
Right click the 'InProcServer32' subkey and choose 'Delete'. (This neuters the CommonName BHO but doesn't completely remove it, so it won't notice the change and re-register itself.)

Now browse to the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
There will be a value there titled 'Winnet'. Delete it and reboot the machine immediately. I think that will get it.

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)
▫ MyWebSearch / FavouriteMan / MyWay
Removal:
ControlPanel>Internet Options>[TemporaryInternetFiles]>Settings
ViewObjects> rightclick the items for their properties. If you find the ActiveX control that's related to this, then remove it. (It's probably gone already, though).

Delete the MyWay folder:
C:\Program Files\MyWay\

Open the registry (Start->Run-> type regedit into the RUN-box).
On the 'Edit' menu, select 'find', and search the registry for this
{00A6FAF1-072E-44cf-8957-5838F569A31D}
Make sure you find the exact one!!
You will probably find it in here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units
Delete the {00A6FAF1-072E-44cf-8957-5838F569A31D} key if you find it, but BE VERY CAREFUL to select just that one. There is no UNDO function in the registry! If you're unsure, then just leave that key in there, because it is practically harmless without the actual .dll file.
___________________________________________
C:\Program Files\AWS\WeatherBug\Weather.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
▫ Weatherbug seems a legit program, but minibug displays the ads inside it.

O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.buddylinks.net/ShellInstallerRaptor.cab
▫ This and Weatherbug could be legit programs, so if you know you installed them, keep them, but they could be part of MyWebSearch/FavoriteMan/MyWay
___________________________________________
To streamline your computer, you can disable some of the XP services that you don't need for 'daily use'. This site has a service-by-service guide to safely disable them: Black Viper

And if you want to stop Weatherbug/Minibug from starting when XP loads, then download this program and disable the Minibug reference in there:
▫ StartUp Control Panel (Mike Lin)
___________________________________________
☺ [Belgium, GMT+1]_________________________svg
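
The round-one/round-two comparison done by eye in the post above can be scripted. The following is an added example, not part of the original thread and not code from HijackThis: it keys each log entry on its section code plus CLSID (or Run value name) and reports what was removed, what survived, what is new, and which remaining entries point at a missing file. The sample lines are a constructed excerpt copied from the two logs posted in this thread, and the function names are hypothetical.

```python
import re

# "R1 - ...", "F2 - ...", "O16 - ..." : section code, then the entry body.
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.+)$")
# CLSID in registry form, e.g. {00A6FAF1-072E-44cf-8957-5838F569A31D}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 autoruns: "HKLM\..\Run: [name] command line" -> keep "HKLM\..\Run: [name]"
RUN_RE = re.compile(r"^(.+?: \[[^\]]+\])")
# HijackThis marks registrations whose target is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Constructed excerpt of the first log in this thread.
BEFORE = r"""
C:\WINDOWS\Explorer.exe
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: HTML tools - {00673769-777F-4814-BE0F-74CBA1D823B8} - C:\WINDOWS\ieHook.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/arrtv.cab
"""

# Constructed excerpt of the second log in this thread.
AFTER = r"""
C:\WINDOWS\Explorer.exe
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
"""


def parse_log(text):
    """Return {(section, identity): {"body", "orphaned"}} for every log entry.

    Lines that are not section entries (the running-process list, chatter
    pasted around the log) are skipped.
    """
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        run = RUN_RE.match(body) if section == "O4" else None
        if clsid:
            # The CLSID is stable even when the display name or path changes.
            ident = clsid.group(0).upper()
        elif run:
            # Same autorun value, whatever command line it now carries.
            ident = run.group(1).lower()
        else:
            ident = body.lower()
        entries[(section, ident)] = {
            "body": body,
            "orphaned": bool(ORPHAN_RE.search(body)),
        }
    return entries


def compare(before, after):
    """Diff two logs by entry identity, not by raw line text."""
    b, a = parse_log(before), parse_log(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "survived": sorted(k for k in b if k in a),
        "new": sorted(k for k in a if k not in b),
        # Leftover registrations in the newer log with no file behind them.
        "orphaned": sorted(k for k, e in a.items() if e["orphaned"]),
    }


if __name__ == "__main__":
    for bucket, keys in compare(BEFORE, AFTER).items():
        print(bucket.upper())
        for section, ident in keys:
            print(f"  {section:<4}{ident}")
```

Matching on the CLSID is what lets the BabeIE entry count as a survivor even though its target changed from `cnbabe.dll` to `(no file)` between the two logs.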

Hello again.
YOU ARE THE MAN!!
Much better!! Thanks a bunch.
I have one other question, though. I didn't delete anything that had to do with AIM, did I? 'Cause my daughter has an account and it logs off after about 30 minutes. Also I can't burn CDs. When you click the "Burn cd" it doesn't do anything.
Again thanks so much.
Bradymom6

By the way, forgot to tell you, I have a Sony burner, it does everything (backup, dvd, cds), and I'm using musicmatch jukebox.

I don't have AIM, but it's very likely that WildTangent came with it.
About those automatic log-offs: could that be a setting in the account somewhere?
▫ AIM Parent Tools Auto-LogOff

I think the CD problem is probably unrelated, although I don't know for certain. This is the real problem with these pests: they install without letting you know (except in the small print of the EULA), collect info about you/your system, and then leave a mess when you try to uninstall them.
Does the CD Drive show up in Windows Explorer? And is there a yellow !mark, or red cross next to it in DeviceManager?
ControlPanel>System>Hardware>DeviceManager
Check the CDROM / DiskDrives entries for your Sony.

Did you uninstall a CD burning program which caused this?
___________________________________________
☺ [Belgium, GMT+1]_________________________svg

Hey, svg.
Device Manager didn't tell me much. I did go under My Computer and look under the E: drive; under the drag and drop menu I opened properties. Under the recording tab the box labeled Enable CD recording on this drive was not checked. I did so then applied it, went back, reopened properties and so on, and again it wasn't checked. It didn't keep the changes for some reason.

I haven't changed anything that has to do with this drive that I know of and I haven't removed any software either.
UGH.
Bradymom6

Rightclick on it again in Explorer, and on the 'hardware' page, select it and press the 'properties' button.
On the 'driver' tab, press update driver. Then check whether the drive is listed in DeviceManager.
If it isn't, then again: rightclick for properties on the drive in Explorer. On the hardware page, select it, and press 'properties' button. This time, on the 'general' page, select do not use the device (disable) in the dropdown combobox at the bottom(>device usage). Now check DeviceManager: the drive should be listed with a red cross next to it.
If it's listed in DeviceManager, then rightclick it for properties, and 'enable the device' again.
If it's not listed, then have the computer scan for hardware changes from the 'Action' menu, and let it reinstall the drive automatically.

Also check this:
The IMAPI CD Burning COM Service should be set to 'Automatic' in the XP services. (Type services.msc into the RUN-box. Rightclick the service for properties.)
___________________________________________
☺ [Belgium, GMT+1]_________________________svg

Hey again, did all that, must be some type of software problem because it still doesn't work. I emailed tech supp at musicmatch jukebox early this morning, but no response yet. Any other suggestions?

Can you give me the model number for that Sony Drive (or drivernames or any info)?
Maybe the ASPI layer needs reinstalling.

I'm not familiar with MusicMatch Jukebox. If you're only experiencing problems with burning music to CD, then could it be some sort of copy-protection at work?
___________________________________________
☺ [Belgium, GMT+1]_________________________svg
