Stupid computer, help me! > General Discussion

Posted: 4/27/2005 7:11:43 PM EDT

I must have picked something up.

I turned on the computer and it gets locked on the desktop but there are no shortcuts to click on. The hard drive is going nuts for like 5 minutes but nothing. I hit Ctrl, Alt, Delete to go to Task Manager. Under processes IE is using some unGodly amount of memory so I end it. The hard drive stops but still nothing on desktop. On task manager I hit File, New Task(Run), and opened IE. Now I am on the Internet.

I am running 2000pro on this old computer. Yes I know, I shouldn't be useing IE but I have not got around to trying something else.

Can anyone tell me where everything went or how I can get it back. I am no computer expert so I need help.

Posted: 4/27/2005 7:14:23 PM EDT

[#1]

Sorry, my computer-fu is weak.

Free bump for ya though.

Posted: 4/27/2005 7:15:54 PM EDT

[#2]

If its a virus, and yu have a recent version of norton anti virus i think you can boot from the CD and scan your harddrive. But you have to know how to set the boot order for the CD to boot before the harddrive.

Posted: 4/27/2005 7:25:36 PM EDT

[#3]

IE starts at bootup?

Posted: 4/27/2005 7:48:19 PM EDT

[#4]

Quoted:
IE starts at bootup?

I don't know. In Task Manager under Processes I hit 'End Process' to stop it because it was useing a ton of memory. When I did that the hard drive stopped going nuts.

All I had was my desktop picture and the little hour glass while the hard drive was gringing away. I don't even know how to shut this down now. No Start button at bottem to hit Shut Down.

Posted: 4/27/2005 7:53:05 PM EDT

[#5]

Well I do have something. I just opened another IE window and have a new tool bar and a new homepage. A couple of pop ups too.

Posted: 4/27/2005 7:57:55 PM EDT

[#6]

Sounds like you need to run Ad-Aware on your machine, and also would be a good idea to put on a Antivirus such as AVG Free.

Posted: 4/27/2005 8:02:10 PM EDT

[#7]

I had this same problem on one of my compuers. Ran spyware/adware removers and antivirus, something like 30 spyware/adwares and over 200 viruses.

Posted: 4/27/2005 8:03:40 PM EDT

[#8]

You're plight has reminded me to scan with all my stuff.

Posted: 4/27/2005 8:04:18 PM EDT

[#9]

maybe you can try hitting your f2 key or maybe one of the other keys F keys and it will give you a option to start in safe mode and you can run scans.

keeping tapping your f key as soon as you reboot.
try f2 if it doesn't work than try f8.
i am not sure which one it will be on your system.if neither try each one.

just a suggestion

Posted: 4/27/2005 8:06:55 PM EDT

[#10]

Download and run hijack this on your system. Post the results and I am sure someone can tell you what to get rid of.

Posted: 4/27/2005 8:07:49 PM EDT

[#11]

Run Adaware SE AND Spybot S&D, and make sure that they are updated.

Next, run Hijack This! and look for anything out of the ordinary in the log it genrates.

At least try that for starters.

Posted: 4/27/2005 8:32:45 PM EDT

[#12]

Quoted:
Download and run hijack this on your system. Post the results and I am sure someone can tell you what to get rid of.

Logfile of HijackThis v1.97.7
Scan saved at 12:25:16 AM, on 4/28/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\sesmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {018A3870-7295-4590-96E8-350CCE55894A} - C:\WINNT\System32\spjdz.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat.ar15.com/java/cr.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

Posted: 4/27/2005 8:34:22 PM EDT

[#13]

Quoted:
maybe you can try hitting your f2 key or maybe one of the other keys F keys and it will give you a option to start in safe mode and you can run scans.

keeping tapping your f key as soon as you reboot.
try f2 if it doesn't work than try f8.
i am not sure which one it will be on your system.if neither try each one.

just a suggestion

Was going to do that but I know nothing about safe mode or how to use it.

Posted: 4/27/2005 8:36:17 PM EDT

[#14]

Quoted:
Run Adaware SE AND Spybot S&D, and make sure that they are updated.

Next, run Hijack This! and look for anything out of the ordinary in the log it genrates.

At least try that for starters.

Did all 3 and TrendMicro House Call.

Posted: 4/27/2005 8:45:30 PM EDT

[#15]

Quoted:
Quoted:
Run Adaware SE AND Spybot S&D, and make sure that they are updated.

Next, run Hijack This! and look for anything out of the ordinary in the log it genrates.

At least try that for starters.

Did all 3 and TrendMicro House Call.

Did you update FIRST though ? I'm looking at your HiJack This log and don't see anything "obvious" but am checking a couple things....

You need to make sure you've checked for updates on AdAware and Spybot..... They come out CONSTANTLY, sometimes every day or two.

Then run the scans.

Also, another GREAT program is Spyware Blaster : www.javacoolsoftware.com/spywareblaster.html

This is also a MUST HAVE for keeping this crap off your machine. It actually PREVENTS the browser exploits and such from being installed in the first place.

But again, you need to have the three programs updated, before you scan right now.

Posted: 4/27/2005 8:49:05 PM EDT

[#16]

For the love of God people, stop using IE at home.

Posted: 4/27/2005 8:50:05 PM EDT

[#17]

And when you get all done with the scans and get it running like normal, be sure to download and install my little friend here -

www.mozilla.org/products/firefox/

...and NEVER use IE again.

Just a suggestion.

Posted: 4/27/2005 8:50:07 PM EDT

[#18]

Quoted:
Quoted:
Quoted:
Run Adaware SE AND Spybot S&D, and make sure that they are updated.

Next, run Hijack This! and look for anything out of the ordinary in the log it genrates.

At least try that for starters.

Did all 3 and TrendMicro House Call.

Did you update FIRST though ? I'm looking at your HiJack This log and don't see anything "obvious" but am checking a couple things....

You need to make sure you've checked for updates on AdAware and Spybot..... They come out CONSTANTLY, sometimes every day or two.

Then run the scans.

Also, another GREAT program is Spyware Blaster : www.javacoolsoftware.com/spywareblaster.html

This is also a MUST HAVE for keeping this crap off your machine. It actually PREVENTS the browser exploits and such from being installed in the first place.

But again, you need to have the three programs updated, before you scan right now.

I did update them. I always do before I run them.

Spybot and Adaware came up with a couple things. I just rebooted and same thing, nothing on my desktop.

I have been using Zone Alarm for almost 2 years now. This is the first time I have picked up something sice I have been using it.

Posted: 4/27/2005 8:54:58 PM EDT

[#19]

Quoted:
For the love of God people, stop using IE at home.

I will, if I ever find the icons and the little bar that is supposed to be at the bottem of my desktop.

Posted: 4/27/2005 8:57:11 PM EDT

[#20]

Is explorer.exe running in the task manager?

Posted: 4/27/2005 9:00:30 PM EDT

[#21]

Zone Alarm is great, but it's ONLY a firewall....... It does not prevent anything from being INSTALLED.

Go here, download and run it. ( CoolWWWSearch.SmartKiller removal tool )

www.safer-networking.org/files/delcwssk.zip

Then here, ( Cool Web Search Shredder )

cwshredder.net/bin/CWShredder.exe

Save the file, and run it....... These two will remove one of the MOST prevalent hijackers on the web. Cool Web Search. It's nasty shit and the fuckers constantly come out with new versions.

Then run HiJack This again, and post your log.....

Posted: 4/27/2005 9:00:44 PM EDT

[#22]

Quoted:
Is explorer.exe running in the task manager?

It is now, that's how I am on here.

Posted: 4/27/2005 9:01:14 PM EDT

[#23]

safe mode is just running the bare stuff that the computer needs to run.but you will be able to run programs by clicking on the icons or under programs.

Posted: 4/27/2005 9:02:37 PM EDT

[#24]

I saw AOL.
Kill it NOW!!

Posted: 4/27/2005 9:03:38 PM EDT

[#25]

Not just Iexplorer but also explorer.exe thats what handles your icons and task bar. If it is not there run it as a new task.

Posted: 4/27/2005 9:06:36 PM EDT

[#26]

It's more than likely that if you ran the scanners and nothing came back, you'll need to use your Win 2000 CD and do a system repair.

Did you install anything or do any windows updates right before this happened ?

Posted: 4/27/2005 9:10:48 PM EDT

[#27]

Quoted:
Not just Iexplorer but also explorer.exe thats what handles your icons and task bar. If it is not there run it as a new task.

You are correct! explorer.exe is not running. Where do I find it?

I don't understand why it isn't starting.

Posted: 4/27/2005 9:12:01 PM EDT

[#28]

In task manager click, file, then New task, then type explorer.exe and it should restart.

CIT

Posted: 4/27/2005 9:19:05 PM EDT

[#29]

Quoted:
Zone Alarm is great, but it's ONLY a firewall....... It does not prevent anything from being INSTALLED.

Go here, download and run it. ( CoolWWWSearch.SmartKiller removal tool )

www.safer-networking.org/files/delcwssk.zip

Doesn't work. Get error saying: delcwssk[1].zip is incomplete--probably due to incomplete or failed download.

Then here, ( Cool Web Search Shredder )

cwshredder.net/bin/CWShredder.exe

Ran this and came back clean.

Posted: 4/27/2005 9:21:31 PM EDT

[#30]

Quoted:
In task manager click, file, then New task, then type explorer.exe and it should restart.

CIT

Thanks! It worked. Now I'll try to reboot and see if it starts.

Posted: 4/27/2005 9:23:41 PM EDT

[#31]

Supersport... Can you post another Hijack This log after running the programs I listed above ?

I see a couple things on your first log that are more than likely a problem.

You will probably have to do a system repair with the Install CD, but it would be smart to clean up this crap first.

Also, if you have another user account on the machine, try signing in on that one instead.

If you're using the default "Administrator" account on Win 2000, then you'll need to reboot into safe mode, and create a new account, if you don't have another one already.

You can do that in Control Panel, under User Accounts.... The "Administrator" account should never be used as the default, but most people do, not knowing any better when they first used their machine.

Posted: 4/27/2005 9:25:21 PM EDT

[#32]

Quoted:
Quoted:
In task manager click, file, then New task, then type explorer.exe and it should restart.

CIT

Thanks! It worked. Now I'll try to reboot and see if it starts.

It probably won't when you reboot.

Best to try creating another account, then if that doesn't work, do a system repair.

Posted: 4/27/2005 9:30:39 PM EDT

[#33]

Quoted:
Supersport... Can you post another Hijack This log after running the programs I listed above ?

Logfile of HijackThis v1.97.7
Scan saved at 1:36:03 AM, on 4/28/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\WINNT\Logi_MwX.Exe
C:\WINNT\System32\carpserv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {018A3870-7295-4590-96E8-350CCE55894A} - C:\WINNT\System32\spjdz.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6FA7E10C-89A0-484F-8FD2-1BA6532C7107} - C:\WINNT\System32\msdgi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat.ar15.com/java/cr.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

ETA: Updated log.

Logfile of HijackThis v1.99.1
Scan saved at 3:34:36 AM, on 4/28/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\WINNT\Logi_MwX.Exe
C:\WINNT\System32\carpserv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ActiveX Control - {6FA7E10C-89A0-484F-8FD2-1BA6532C7107} - C:\WINNT\System32\msdgi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://chat.ar15.com/java/cr.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://ftp.newaol.com/pub/sr-test/streetnoagent7.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Posted: 4/27/2005 9:32:07 PM EDT

[#34]

Did the reboot work out ok?

Posted: 4/27/2005 9:34:45 PM EDT

[#35]

Quoted:
Quoted:
Quoted:
In task manager click, file, then New task, then type explorer.exe and it should restart.

CIT

Thanks! It worked. Now I'll try to reboot and see if it starts.

It probably won't when you reboot.

Best to try creating another account, then if that doesn't work, do a system repair.

Just got done rebooting. Icons and task bar opened this time and the hard drive didn't go nuts.

I don't know what all that crap is on the list but let me know what I can get rid of.

Posted: 4/27/2005 9:35:41 PM EDT

[#36]

Quoted:
Did the reboot work out ok?

See above. Thanks!!!!!!!!!!!!!!!!

Posted: 4/27/2005 9:38:49 PM EDT

[#37]

Glad it all worked out so far. Some times in XP and 2000 you have to use task manager to end task on explorer.exe and restart it to get out of a lockup.

Posted: 4/27/2005 9:39:50 PM EDT

[#38]

Ok, run Hijack this, and tel it to fix these entries.

O2 - BHO: (no name) - {018A3870-7295-4590-96E8-350CCE55894A} - C:\WINNT\System32\spjdz.dll

O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

Those three are suspect and should get rid of this new toolbar. Incidentally, what's the name OF the toolbar you said popped up ??

Posted: 4/27/2005 9:41:45 PM EDT

[#39]

Try using the System Restore utility to take the computer back to a date before the problems started.

If you can't use the task bar, go to the Task Manager, select "New Task", and go to "C:\WINDOWS\system32\Restore\rstui.exe"

Posted: 4/27/2005 9:48:14 PM EDT

[#40]

Quoted:

Ok, run Hijack this, and tel it to fix these entries.

O2 - BHO: (no name) - {018A3870-7295-4590-96E8-350CCE55894A} - C:\WINNT\System32\spjdz.dll

O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

Those three are suspect and should get rid of this new toolbar. Incidentally, what's the name OF the toolbar you said popped up ??

Just fixed those 3. What about this one, I don't remember seing it before:

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

I didn't get the name of the toolbar. Spybot or Adaware took care of it so it is gone.

Posted: 4/27/2005 9:55:41 PM EDT

[#41]

Quoted:
Quoted:

Ok, run Hijack this, and tel it to fix these entries.

O2 - BHO: (no name) - {018A3870-7295-4590-96E8-350CCE55894A} - C:\WINNT\System32\spjdz.dll

O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

Those three are suspect and should get rid of this new toolbar. Incidentally, what's the name OF the toolbar you said popped up ??

Just fixed those 3. What about this one, I don't remember seing it before:

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

I didn't get the name of the toolbar. Spybot or Adaware took care of it so it is gone.

No, thats a windows file..... don't touch that.

Everything else on your log is normal, do NOT delete anything other than what I listed. If you DO, things may stop running !

You also have a bunch of stuff runing in the background on startup, that will only slow the computer down that you can take off, but those aren;t viruses, or anything bad, just helper applications.. Resource hogs that just don't need to run on bootup.

You can remove them from the startup menu using Spyware S&D in the "Tools" menu, under startup.... Just uncheck them and it should speed up things some. You can always recheck them later on, if something you NEED isn't running properly anymore

Posted: 4/27/2005 10:03:19 PM EDT

[#42]

Quoted:
Try using the System Restore utility to take the computer back to a date before the problems started.

If you can't use the task bar, go to the Task Manager, select "New Task", and go to "C:\WINDOWS\system32\Restore\rstui.exe"

LOL. I tried that once. I picked some date around when the computer was made. I ended up with a black screen. Not even a curser. One of my brothers friends came over and worked on it for hours. That kid really knew what he was doing. He got the computer into one of those 'modes' and was controlling the computer with the keys even though you couldn't see a thing. It was amazing.

He said I went back too far and really screwed it up. The computer was Windows '98 but I didn't have a backup disc so he installed the 2000pro.

Since then I have wiped the computer once and reinstalled 2000 myself, 2 years ago. I didn't have a clue what I was doing. I followed instructions I had wrote down from another kid I worked with. Obviously it worked but I was scared to death. I should do it again now to get a fresh start, if I can find my directions.

Posted: 4/27/2005 10:06:13 PM EDT

[#43]

Quoted:

You also have a bunch of stuff runing in the background on startup, that will only slow the computer down that you can take off, but those aren;t viruses, or anything bad, just helper applications.. Resource hogs that just don't need to run on bootup.

You can remove them from the startup menu using Spyware S&D in the "Tools" menu, under startup.... Just uncheck them and it should speed up things some. You can always recheck them later on, if something you NEED isn't running properly anymore

I knew that but I don't know what to shut off. Can you tell me what I don't need?

Posted: 4/27/2005 10:14:13 PM EDT

[#44]

You should be ok now, assuming you dont download any new crap and you run the spyware programs regularly.

Also, you can use what's called a HOSTS file, to help keep evil shit out.

What this is, is a list of sites that IE accesses, and will physically disallow you to go to, if it's on the list.

It's very helpful in blocking much of thse types of things from getting ON your computer in te frist place.

I have a fairly substantial one and it's been quite useful.

And, hopefully you used the immunize option in Spybot S&D And "Enabled All Protection" in Spyware Blaster. This will help a LOT in preventing this garbage,

Posted: 4/27/2005 10:19:27 PM EDT

[#45]

Quoted:
Quoted:

You also have a bunch of stuff runing in the background on startup, that will only slow the computer down that you can take off, but those aren;t viruses, or anything bad, just helper applications.. Resource hogs that just don't need to run on bootup.

You can remove them from the startup menu using Spyware S&D in the "Tools" menu, under startup.... Just uncheck them and it should speed up things some. You can always recheck them later on, if something you NEED isn't running properly anymore

I knew that but I don't know what to shut off. Can you tell me what I don't need?

Sure can. Just need the list of what you have running on startup.

Easiest way is for you to run Spybot S&D and go to TOOLS / System Startup, then look at all the things listed.

You'll see some of your programs listed in there thet you'll recognize right of the bat.

Post the list here, and I'll tell you what to uncheck in Spybot.

Considering you're running Win 2000, the list may be long, so you can always just take a screenshot, and post that too....... Probably easier anyways, than typing all the entries.

Posted: 4/27/2005 10:44:47 PM EDT

[#46]

Getting late..... I'll check this thread tomorrow for an update, or you can IM me the startup list if you like and I'll see what I can do to help out.

Posted: 4/28/2005 5:59:27 AM EDT

[#47]

Quoted:
Quoted:
Quoted:

You also have a bunch of stuff runing in the background on startup, that will only slow the computer down that you can take off, but those aren;t viruses, or anything bad, just helper applications.. Resource hogs that just don't need to run on bootup.

You can remove them from the startup menu using Spyware S&D in the "Tools" menu, under startup.... Just uncheck them and it should speed up things some. You can always recheck them later on, if something you NEED isn't running properly anymore

I knew that but I don't know what to shut off. Can you tell me what I don't need?

Sure can. Just need the list of what you have running on startup.

Easiest way is for you to run Spybot S&D and go to TOOLS / System Startup, then look at all the things listed.
You'll see some of your programs listed in there thet you'll recognize right of the bat.

Post the list here, and I'll tell you what to uncheck in Spybot.

Considering you're running Win 2000, the list may be long, so you can always just take a screenshot, and post that too....... Probably easier anyways, than typing all the entries.

I'm following along in an attempt to learn, and I just ran SpyBot S+D, but it doesn't say Tools anywhere.

Posted: 4/28/2005 10:36:37 AM EDT

[#48]

Quoted:

I'm following along in an attempt to learn, and I just ran SpyBot S+D, but it doesn't say Tools anywhere.

I didn't see it at first either. Open Spybot and hit Mode in top left. Then check Advanced Mode in the drop down. You will get Settings, Tools, and Info buttons on the bottom of the left side.

Posted: 4/28/2005 11:06:43 AM EDT

[#49]

Quoted:
And when you get all done with the scans and get it running like normal, be sure to download and install my little friend here -

www.mozilla.org/products/firefox/

...and NEVER use IE again.

Just a suggestion.

And when you get all done with the scans and get it running like normal, be sure to download, burn a CD, and boot from my little friend here -

www.knoppix.net/

...and NEVER use Windows again while connected to the internet.

Just a suggestion.

Serious. It works.

Posted: 4/28/2005 11:44:24 AM EDT

[#50]

I agree, that program has helped me FIX serveral windows based machines..... got a passworded XP machine and the info won't be seen in another machine.... boot knoppix in the orignal machine start samba and copy over your info over to another machine... KNOPPIX ROCKS

BTW u can use hijackthis's web page to post your results

Quoted:
Quoted:
And when you get all done with the scans and get it running like normal, be sure to download and install my little friend here -

www.mozilla.org/products/firefox/

...and NEVER use IE again.

Just a suggestion.

And when you get all done with the scans and get it running like normal, be sure to download, burn a CD, and boot from my little friend here -

www.knoppix.net/

...and NEVER use Windows again while connected to the internet.

Just a suggestion. Serious. It works.

Warning

Confirm Action

[ARCHIVED THREAD] - Stupid computer, help me! (Page 1 of 2)

[ARCHIVED THREAD] - Stupid computer, help me! (Page 1 of 2)