A lot of nasty problems: games.sms591.com sms591 ringtone adware can't get rid of, BitComet auto shut off, unable to view hidden files, iedw.exe error, SysAd2, SysAd3, Ghook.dll, svchost.exe

Asked by Yukimin in Operating Systems Miscellaneous, Windows XP Operating System, Miscellaneous Security

Hi, my sister's laptop constantly has problems. This time there are several nasty problems; any suggestions and help will be greatly appreciated!

Here are the problems:
- games.sms591.com & sms591.net ring tone pop up: this ring tone web page always opens up an IE window from time to time.
- BitComet auto shut off: it starts up fine. I can load up BitComet fine, but as soon as I click anywhere in the BitComet window, it will close itself off. It closes itself off, as in it isn't minimized; the whole program bitcomet.exe gets shut off from the Windows Process List.
- Unable to view hidden files: every time I select view hidden files, no hidden files show up at all. And as soon as I go back to the options to select view hidden files, it is always the hide hidden files option being checked.
- iedw.exe error: I have no clue what iedw.exe is. I don't even think my sister has such a program at all as she only knows how to surf (mainly Chinese news, celebrity sites). The error message says:
iedw.exe - Application Error
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.


Here is what I have done:
For the games.sms591.com & sms591.net ring tone pop-up, I have tried the methods that are mentioned on this site: http://blog.cersp.com/userlog19/48446/archives/2007/254282.shtml (sorry, it is a Chinese site). I have used Sreng2 and done what it said on the site, with the exception that I can't seem to find the similar numeric .EXE or .DLL files that are mentioned on the site (not sure if they are hidden or what).

For BitComet, I have tried to uninstall and reinstall, but the same problem still exists. The BitComet problem seems to have started after I installed AVG. Though, even after I removed AVG, the same problem still exists. (I reinstalled it to do a scan.)

I used Ad-aware and removed infected files that it has found (over 140).

I have also used AVG scan. It did find a lot of infected things, and I have deleted them all. But it can't seem to find sms591.

Also, I used Security Task Manager. I have removed a lot of weird programs, but these still seem to keep coming back:
Ghook.dll C:\SysAd3\Ghook.dll
Ghook.dll C:\SysAd2\Ghook.dll
svchost.exe C:\SysAd2\svchost.exe
svchost.exe C:\SysAd3\svchost.exe
Here is the screenshot that I took. One shows a rating of 100, and the other shows a rating of 57.
http://img69.imageshack.us/img69/4555/securitytaskmanagerky4.jpg

I have tried to locate those files, but I can't find them. So they are probably hidden files I assume. But as I have mentioned, I can't view hidden files.

Also done a HijackThis log, this is the log:
Logfile of HijackThis v1.99.1
Scan saved at 11:05:30 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\DEC\System32\smss.exe
C:\WINDOWS\DEC\system32\csrss.exe
C:\WINDOWS\DEC\system32\winlogon.exe
C:\WINDOWS\DEC\system32\services.exe
C:\WINDOWS\DEC\system32\lsass.exe
C:\WINDOWS\DEC\system32\Ati2evxx.exe
C:\WINDOWS\DEC\system32\svchost.exe
C:\WINDOWS\DEC\system32\svchost.exe
C:\WINDOWS\DEC\System32\svchost.exe
C:\WINDOWS\DEC\system32\svchost.exe
C:\WINDOWS\DEC\system32\svchost.exe
C:\WINDOWS\DEC\system32\spoolsv.exe
C:\WINDOWS\DEC\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\DEC\system32\Ati2evxx.exe
C:\WINDOWS\DEC\Explorer.EXE
C:\WINDOWS\DEC\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\SysAd2\svchost.exe
C:\SysAd3\svchost.exe
C:\WINDOWS\DEC\system32\wscntfy.exe
C:\WINDOWS\DEC\System32\alg.exe
C:\Program Files\Security Task Manager\TaskMan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Screenshot Pilot\ScrPlt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joey\My Documents\Min Folder\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\DEC\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\DEC\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\DEC\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1 ] C:\WINDOWS\DEC\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\DEC\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [eabconfg.cpl] ; C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] ; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] ; C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] ; C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] ; C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] ; C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LVCOMSX] ; C:\WINDOWS\DEC\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [miniqqlive] ; "C:\Program Files\Tencent\QQLive\MiniQQLive.exe"
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\DEC\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?69b62a7f5235431bb6bc9f218a10a935
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?69b62a7f5235431bb6bc9f218a10a935
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\DEC\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

Also when I open Windows Process List, sometimes I will find a lot of random unknown programs running, like.. winlog0n.exe and other weird named exe programs.

Any help or suggestions on how to solve these problems will be greatly appreciated. If you need any more information or need more explanation or details, please feel free to tell me.
I apologize for the long post.
Thank you very much!


Added:
I removed them and restarted the computer. I rescanned using Security Task Manager, and these aren't on the list anymore.
Ghook.dll C:\SysAd3\Ghook.dll
Ghook.dll C:\SysAd2\Ghook.dll
svchost.exe C:\SysAd2\svchost.exe
svchost.exe C:\SysAd3\svchost.exe

Though, I am still having other problems. Please help. Thanks!
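A triage check for the "Running processes" section of a HijackThis log like the one posted above, as an added example that is not part of the original question or of any expert's answer. It flags core Windows process names running from an unexpected folder and names that differ from a core process only by a digit swap. The `EXPECTED` table, the `LOOKALIKE` mapping, the function names and the placeholder path for `winlog0n.exe` are assumptions of this example; the Windows directory is inferred from the `smss.exe` entry because this machine uses `C:\WINDOWS\DEC` rather than `C:\WINDOWS`.

```python
import ntpath
from itertools import takewhile

# Constructed sample: process lines copied from the log in the question, plus the
# winlog0n.exe name the asker mentions (its folder is a placeholder, not from the page).
SAMPLE = r"""Running processes:
C:\WINDOWS\DEC\System32\smss.exe
C:\WINDOWS\DEC\system32\winlogon.exe
C:\WINDOWS\DEC\system32\svchost.exe
C:\WINDOWS\DEC\Explorer.EXE
C:\SysAd2\svchost.exe
C:\SysAd3\svchost.exe
C:\PLACEHOLDER\winlog0n.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\DEC\system32\ctfmon.exe
"""

# Core Windows XP binaries and their folder relative to the Windows directory.
EXPECTED = {"smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
            "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
            "explorer.exe": ""}
LOOKALIKE = str.maketrans("01", "ol")  # digit-for-letter swaps, e.g. winlog0n -> winlogon

def running_processes(log):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    lines = log.splitlines()
    heads = [i for i, l in enumerate(lines) if l.strip().lower() == "running processes:"]
    if not heads:
        return []
    return [l.strip() for l in takewhile(str.strip, lines[heads[0] + 1:])]

def windows_root(procs):
    """Infer the Windows directory from smss.exe instead of assuming C:\\WINDOWS."""
    for p in procs:
        if ntpath.basename(p).lower() == "smss.exe":
            return ntpath.dirname(ntpath.dirname(p)).lower()
    return None

def triage(log):
    """Return (path, reason) pairs for process entries that deserve a closer look."""
    procs = running_processes(log)
    root = windows_root(procs)
    findings = []
    for p in procs:
        name = ntpath.basename(p).lower()
        folder = ntpath.dirname(p).lower()
        if name in EXPECTED:
            want = ntpath.join(root, EXPECTED[name]).rstrip("\\") if root else None
            if folder != want:
                findings.append((p, "system name, unexpected folder"))
        elif name.translate(LOOKALIKE) in EXPECTED:
            findings.append((p, "look-alike of " + name.translate(LOOKALIKE)))
    return findings
```

A finding is a prompt to inspect the file (location, signature, creation time), not a verdict; the inferred root is only as trustworthy as the first `smss.exe` entry in the log.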

 
Accepted Solution (02/14/07 04:28 AM, ID: 18530468)


About this solution

Zones: Operating Systems Miscellaneous, Windows XP Operating System, Miscellaneous Security
Solution Provided By: Merete
Participating Experts: 5
Solution Grade: A
 