1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Changes in icons + annoying error messages.

Discussion in 'Virus & Other Malware Removal' started by Kalicyddian, Apr 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Kalicyddian

    Kalicyddian Thread Starter

    Joined:
    Apr 5, 2004
    Messages:
    10
    I recently got rid of an infection, but along came many new changes. Several of my folder icons (e.g. "My Music") reverted to the default icon. I have also downloaded a program called "PC Doctor" while I was infected, but I haven't had to use it until now. I have finally used it, but it claims it fixed about 39 errors, all of which were missing files. The missing files were part of a toolbar I had deleted called "My Way." It hasn't come back, but several more icons have appeared on the bottom toolbar which are part of my computer, but haven't popped up before. Each time I log on to the computer, I always get an error saying it could not execute file Main because the file was not found. I'm not sure what this is either, but I'm not sure if it's a problem since it has only recently started after the I got rid of the infection. Just in case, here's my logfile...

    Logfile of HijackThis v1.97.7
    Scan saved at 5:01:09 PM, on 4/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\System32\atray.exe
    C:\WINDOWS\realtime.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\aim\aim.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\America Online 8.0\aol.exe
    C:\Program Files\America Online 8.0\waol.exe
    C:\Program Files\StreamCast\Morpheus\Morphexe.exe
    C:\Program Files\StreamCast\Morpheus\mldonkey\mlnet.exe
    C:\Documents and Settings\NewUser\Local Settings\Temp\Temporary Directory 8 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jersconsin.tk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.emachines.com/
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [Atray] atray.exe
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{423C1E37-6379-40F1-A81F-6862068CCA85}: NameServer = 205.188.146.146
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It's my understanding that "pc doctor" is adware supported.

    In any case I would suggest you check the following entries in the HijackThis Scanlog, close all browser windows, and select "fix checked":

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

    O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"

    >> After doing this, reboot and and delete the "WebsavingsfromEbates" folder in c:\Program Files. If you have trouble doing this in normal mode, reboot to Safe Mode to do it.
     
  3. Kalicyddian

    Kalicyddian Thread Starter

    Joined:
    Apr 5, 2004
    Messages:
    10
    Thanks for the advice. I was wondering if you had any clue as to why some icons would suddenly start up each I turn on the laptop that never had before. Also, I was wondering if you had any clue as to why other icons were deleted/reverted to tthe default icon, and if there's anyway to reverse that effect..

    By the way, I no longer get the error message saying the file Main could no t be executed. Thanks!
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm not sure what "new" icons you might be referring to, but I have seen Windows occasionally lose track of custom icons.

    You can manually select the icon you want for a folder by right clicking on it,, select "Properties" > "Change Icon" and choose from what is there. OR if you know the location of a particular icon you want to use, you can "browse" to that address. You can even create custom ones with the right image editor. It is simply a matter of sizing an image to the right dimensions and then saving it as an .ico file.

    IrfanView, a freeware utility, will allow you to do that.

    http://www.irfanview.com/
     
  5. Kalicyddian

    Kalicyddian Thread Starter

    Joined:
    Apr 5, 2004
    Messages:
    10
    What I mean is that more programs automatically start each time the laptop is turned on. I know the programs are part of my computer, but they've never started automatically before. Since I haven't used them before, I don't need to use them now, but I have to close them each time. The icons I referred to were just the active programs on the bottom toolbar. I guess it's no big deal... Thanks for your help!
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Which programs? Do you see them in the HijackThis Scanlog?

    You can also run msconfig and uncheck them under the Startup tab. If you had previously unchecked them and re-enabled a normal startup rather than selective, then all the unchecked entries become checked again.
     
  7. Kalicyddian

    Kalicyddian Thread Starter

    Joined:
    Apr 5, 2004
    Messages:
    10
    The programs are BigFix (from eMachines), Synaptics Pointing Device, and two different Wireless Network Connection icons. Previously, only one of the "Wireless Network" programs started...
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219404

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice