Solved

uninstalled wild tangent, but cant get rid of error message on startup. "specifiec module could not be found"

Posted on 2004-09-05
21
3,727 Views
Last Modified: 2010-05-19
Hi.  I found and deleted Wild tangent from a computer yesterday (my sisters).  I ran every program I know to try to clean things up:  spybot S&D, Adaware, Stinger and a full MCAffee scan.  

Now, when I start up the computer, i get this message "C:\Program Files\Wild Tangent \Apps\CDA\cdaengine 0400.dll  specified module could not be found.

How can i get rid of it ?  

I dont see wild tangent anywhere in control panel.  (still have to check her system tray)

I think I probably dont want that module to be found, but what about this error?

She has a dell and is running xp.  Her system restore is off when all the cleanup stuff is ran, then i restarted with it still off hoping it would be gone, but no it wasnt.

Thanks.
0
Comment
Question by:cinnacracker
  • 9
  • 6
  • 3
  • +2
21 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11983859
Hello cinnacracker =)

goto Start>Run>msconfig>Startup
click on Disable all
restart and nwo check if the error goes waya or not
if YES then -re-enable aech application at a time and trace out the culprit one !!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11983860
And if u cannot get rid of it by this also, then Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 

Author Comment

by:cinnacracker
ID: 11984197
OK, thanks for the quick answer.  I will give that a try.  So if I uncheck something, it can be checked again (wont dissappear or anything like that)?

If i find the bad boy, do I just leave it unchecked forever or is there somewhere else i would need to go to get rid of it?  

Then I should restart without system restore on, once it starts without error, turn system restore back on?  

I will let you know what happens there.  I am also trying to install a wireless router on this system.  However, once I get all the cables set up as I think are correct the system wont connect to the internet..... do you think this is related at all?  (connects fine w/o the router)

THX
0
 

Author Comment

by:cinnacracker
ID: 11984402
my sister checked quickly and didnt see anything by MSCONFIG directions.  ill check them one by one later.  She also ran this, so if you see anything please let me know.

Logfile of HijackThis v1.98.2
Scan saved at 10:58:22 AM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\DIGStream\digstream.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mari\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} -
(no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
sitefinder.verisign.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -
C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} -
C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: QuickSearch Search Bar -
{82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program
Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [System MScvb] C:\Documents and Settings\mari\Local
Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\documents.pif
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [tmvujer] C:\WINDOWS\tmvujer.exe
O4 - HKLM\..\Run: [lsxab] C:\WINDOWS\lsxab.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program
Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [System MScvb] C:\Documents and Settings\mari\Local
Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\documents.pif
O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program
Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common
Files\MySoftware\Newsflsh.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} -
http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) -
http://www.shop.intuit.com/commerce/account/downloads/executables/ie/IDA.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) -
http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab


0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11984498

Firstly, run HJT from its own folder, so that backups are safely kept, just in case...

After that run HJT, scan and select these to be fixed:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} -
(no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
sitefinder.verisign.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -
C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} -
C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: QuickSearch Search Bar -
{82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program
Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [System MScvb] C:\Documents and Settings\mari\Local
Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\documents.pif
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tmvujer] C:\WINDOWS\tmvujer.exe
O4 - HKLM\..\Run: [lsxab] C:\WINDOWS\lsxab.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program
Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [System MScvb] C:\Documents and Settings\mari\Local
Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\documents.pif
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} -
http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) -
http://www.shop.intuit.com/commerce/account/downloads/executables/ie/IDA.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) -
http://install.wildtangent.com/bgn/partners/aolim/install.cab

Reboot in Safe Mode and locate and delete the following files (if they exist):

C:\WINDOWS\tmvujer.exe
C:\WINDOWS\lsxab.exe

Reboot, cleanup your TIF and cookies and see if problems persist.

Zee

0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 11985363
Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================
then TURN off ur System Restore and then Fix the following entries in hijackthis, by checking them adn clicking on Fix Checked !!

======================================================
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} -
(no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
sitefinder.verisign.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -
C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} -
C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: QuickSearch Search Bar -
{82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program
Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [tmvujer] C:\WINDOWS\tmvujer.exe
O4 - HKLM\..\Run: [lsxab] C:\WINDOWS\lsxab.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program
Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [System MScvb] C:\Documents and Settings\mari\Local
Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\documents.pif
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} -
http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) -
http://www.shop.intuit.com/commerce/account/downloads/executables/ie/IDA.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) -
http://install.wildtangent.com/bgn/partners/aolim/install.cab
==================================================

Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine in safemode and Login as Administrator
2. Run the AntiVirus tool and delete all viruses it found
3. Run the Spyware Removal tools and delete everything they detect
4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
8. Goto C:\Windows\Temp and delete all files present here
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the Hijakcthis scan, and post the LOG file here again.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985374
Zee.... dont mind me saying this... but i think its understood in our field... that when a person recommends Hijackthis.... its his duty to treat with it..... ofcourse not any expert can remain online for 24 hours..... but he can return and can handle his suggestions..... hope u can understand what im trying to say !!  :)
0
 

Author Comment

by:cinnacracker
ID: 11985710
OK, ill give this all a shot.  Is there anything i should do first just for safety?    (this is scary to me, but ill trust you :)   )
The only thing Im not sure about is how to log in as administrator once in safe mode.  If it doesnt prompt me, I wont know what to do, so hopefully it will.  
If it works I should then turn on system restore?
Thanks, Ill let you know.  
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985732
>> OK, ill give this all a shot.  Is there anything i should do first just for safety?    (this is scary to me, but ill trust you :)   )
print all those instructions so that it will be easy to work out step to step :)

>> The only thing Im not sure about is how to log in as administrator once in safe mode.  If it doesnt prompt me, I wont know what to do

when u will boot into safemode,,,,, it will automatically give u the Administrator icon to login :)
getting into safemode >> http://www.computerhope.com/issues/chsafe.htm

>> If it works I should then turn on system restore?
Sure... always :)

anything else =)
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11986236


SS,

You know what I think about your comment, so...

Anyway, it's the questioner privilege to accept the answer, and if you want more points, I can spare you a few thousands...

You should take some time off for yourself.

Duh...

Zee
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 29

Expert Comment

by:blue_zee
ID: 11986249

 cinnacracker,

I am sorry for the OT comments, but some people are here just for the points (wonder why...), instead of truly wanting to help anybody.

Rant off,

Cheers,

Zee
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 11988286
Hi!
>cinnacracker
After you try the suggestions from SS above - post another HijackThis log here.
You have a version of CWS that HijackThis cannot deal with;
it will appear to be fixed, but will re-appear.

Cheers...
RF
0
 

Author Comment

by:cinnacracker
ID: 11990975
reappear????? NNNOOOO!!!!!!

Geez, well i just came here to say although it took 4 solid hours to run all those scans, the directions given worked well.  I was able to start without that blasted error and but the system restore back on.  yippee horray!

CWS? whats that?  I will ask my sister to run hijack this again and to send me the log.  I will post it here for inspection!  

Everyone who answered was helpful.  I am going to learn about how these points work.  I do not know yet if it is up to me to award or if an administrator here does that.  I will check.  

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11991019
>> I was able to start without that blasted error and but the system restore back on.  yippee horray!
well that's a good start atleast :)

>> CWS? whats that?
Sticky Bubble Gum for IE,,,, lol read here >> http://www.spywareguide.com/product_show.php?id=599

>> I am going to learn about how these points work.
dont worry abt the points yet.... as ross said, it will return,,,,, so give it some days to check if it will come or not.... once u get satisfied, only then points shud be given :)
0
 
LVL 2

Expert Comment

by:TheTinkeringToad
ID: 11993096
You may have some shareware on your system that needs it to run.
Its one of the pitfalls of shareware. If so determine what program needs it and either reinstall it then uninstall it completely then get rid of the rest of wild tangent.
0
 

Author Comment

by:cinnacracker
ID: 11993657
Ok, here's the latest.    Youll probably see a search bar on there that looks like junk.  It is, but my sister didnt want me to uninstall it.  Other than that, please let me know if you see any trouble.   THX!

Logfile of HijackThis v1.98.2
Scan saved at 7:19:51 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\DIGStream\digstream.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mari\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [System MScvb] C:\Documents and Settings\mari\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\documents.pif
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: WebWorks Help 3.0 - file://D:\Documentation\WebDoc\wwhelp3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
0
 
LVL 2

Expert Comment

by:TheTinkeringToad
ID: 11993854
EEEEEEEEEEEEEk you have alot of stuff on there that could be the culprit. Wild tangent is included with alot of things. What ever you uninstalled recently will be more likely the problem.
That is the easiest avenue if it is the problem. Reinstall what ever you uninstalled recently.
Get rid of all that spyware on your system. Wild tangent = problems any free explorer helpers are 99% spyware. Even some of what you pay for is = spyware. Best case is to never install any explorer helpers. The only thing they help is problems. Use cwshredder to help you out a bit.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11995703
if this is the bar which ur sister dont want to uninstall >> O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

then u just need to fix this line >> O4 - HKLM\..\Run: [System MScvb] C:\Documents and Settings\mari\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\documents.pif

everything else is pretty much fine :)
are u still having any problem with ur system or is running fine now =)
0
 

Author Comment

by:cinnacracker
ID: 11996304
So far no more problems.....

yes, thats the tool bar she wants..... (rolls eyes)

so delete that other line you are saying?     ya, looks like if it is temporary internet files, it should go....

other than that, if it works and i dont have any significant lags or errors, theres not much more i can do... i have several new web cleaning tools that you recommended, so i will try to run those with more frequency.  

I dont exactly know what is meant by free internet helpers... anything gadget you download and dont pay for i guess?  nothings for free huh?    I tell her to stay away from that kinda stuff, but shes gullible and clicks on anything neat-o or involving a cute animal (sigh).  More work for me in the future im sure.

Thanks guys!



0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11996478
>> I dont exactly know what is meant by free internet helpers

Internet Explorer helpers mean BHO(browser Helper Objects),,,,,, MS created this featureso that third party tools, like Adobe and Mcafee or Norton, can work with IE..... but now-a-days these malwares and spywares take FULL advantage of this feaure and stick themselves to IE as BHOs so that they can activate themselves every time u launch IE =\

e.g these were all junk BHOs which i asked u to remove....

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} -C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

But ur system is clean now according to the LOG, except that BAR stuff ;-)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11996530
>> So far no more problems.....

that's a good sign indeed :)
So if u think that ur problem is solved, and u consider this issue as Closed, then u can close this question too :)
as u can see an Accept button infront of each comment u got, u have to hit that button for the comment which solved ur problem and then assign a grade according to the queslity of help u recieved :)

and if u think that there was more than one expert who helped u to solve ur problem, then u can use the Split Points feature, as u can see a Split Points link above the comment box whre u type ur questions and comments, hit that link and there u can split the points between experts and then can assing a grade.... that's all u have to do =)

for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
Thanx for being at EE =)
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now