1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

What going on with my computer?

Discussion in 'Virus & Other Malware Removal' started by Daniellla, Sep 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Daniellla

    Daniellla Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    11
    For once, I can not open a couple of programs...(FileViewerUtility, a sofwear from Cannon Rebel, and the NETGEAR MA101 USB sofwear..that opens, but in what I can call a soft version....It use to open with serveral options, now is just the info about the conection, but I can not access any option)
    I create another account on Windows XP and if I switch users on the computer, I can open the Canon soft (the other does not want to open on the new user!)

    For second, I get this everytime I log in:
    Retrieval of Thotkey failed
    Error code 0x00031402, 0x000000002

    for 3erd, I found Ltmoh.exe on the Starup list of sistem configuration utility...that was when I uncheched pmproxy (not sure what it is) because it was giving a error message at log in too.


    Norton Antivius us update and running well...
    I have a Toshiba Satellite 302s
    Xp update
    Ad-aware 6.0


    THANKS!
    Daniellle

    (I open msconfig and enable EVERYTHING on the start up tab before run HijackThis. Usually I have Drag and drop, ltmoth, pm proxy, real player, syntepenh, syntplpr, american on line, bluetooth and micatek scanner unable)


    Logfile of HijackThis v1.98.2
    Scan saved at 11:52:28 AM, on 9/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
    C:\WINDOWS\system32\SMC2635WMonitor.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Daniela\My Documents\downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.harrymania.harrypotter.cz/index2.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 28
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: MA101 Configuration Utility .lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
    O4 - Global Startup: SMC2635W 11Mbps WLAN Monitor.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\tecno-kazemule\local.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .mid: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3122ccba03034d785805/netzip/RdxIE601_es.cab
    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Retrieval of Thotkey failed

    Is a Toshiba driver issue, reportedly resolved by reinstalling the "common module driver/file" that should be supplied somewhere on the original software that came with the machine.

    Similarly for other programs that are malfuntioning the first resort should be to completely remove and reinstall them.

    While I don't think it is an issue with any of the problems you are describing, I see you have Messenger Plus 3. Unless you paid for this, it is usually associated with a "lop.com" hijack.
     
  3. Daniellla

    Daniellla Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    11
    Not more Thotkey problem! THANKS!!! :)

    But...I still have this message everytime I start the computer :-(

    'PmProxy.exe

    This aplication has failed to star because PMCPL.cpl was not found'

    So, I just desable PmProxy using the msconfig....but..what is PmProxy? Why do I need it? why I don't?

    About the other program, the canon and the NETGEAR MA101 USB
    I have remove them and re-instal MANY MANY TIMES! And still they dont open...or..let me be more specific: They open for a second and with a 'plim' they close again. The Canon one I can use if I log in in the PC as another user. But the problem is I have all my program and documents on my old user name! Any idea why this happens? I spend 2 hs with canon suport and they couldn't fix the problem, and honestly, the softwear open and run on the other user, is not a softwear problem...

    And...what is a "lop.com" hijack? How does that affect my computer?

    THANKS!
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    about pmproxy:

    ref: http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM

    I guess you could leave it disabled if there is no loss of sound card functionality that you can detect. You could also reinstall the sound drivers. Probably just removing them from the Device Manager and rebooting would accomplish that, but it might be wise to check up on Toshiba's support pages for any issues regarding them.


    I'm not sure what to make of the other problems, except that you might have something starting in your current profile that is causing a conflict.

    You could use "msconfig" to do some "clean boot" troubleshooting to test.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;310353

    I wouldn't disable "non microsoft" services, at least not at first, since some of them may be associated with the applications you are trying to run and be required for that.
     
  5. Daniellla

    Daniellla Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    11
    :eek:
    Well, I have try that before, and it didn't solve the problem, but I thought I will try again....and guest what? THE Thotkey problem is back!!!
    But now I know how to fix that, I just insert the toshiba backup disk and uninstaled.
    But I still can not run the Canon program, that open for a second and close, or the Netgar one, (I think is because that program is nor running, that I loose my internet conection very frecuently)
    I have spend close to a week trying to fix this...At this point, I think it would have been easy to just reintal the complete computer and instal all my programs again...but now is to late for that!
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Not sure what you tried. If the "clean boot", you just need to ensure that when you re-enable the msconfig startups, any entries that you previously had unchecked, you uncheck again.

    If you haven't tried the clean boot, it's a worthwhile troubleshooting exercise.

    In any case, being as you are in the "Security" forum, I think I can tell you that it does not appear to be a security issue.

    If these problems do not occur when using another profile, you might compare just what is running in both profiles, or rather what is not running in the one that works.

    I notice you have both "Epson" and "Lexmark" drivers in this one. Perhaps a conflict there?
     
  7. Daniellla

    Daniellla Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    11
    I have try the clean boot, more than once, and there is not diference. And even when, after doing it, I unchecked averything that has the word Thotkey on it, I was still having the error message, I needed to uninstal it form the Toshiba CD.
    I have the printers drivers for several month and I just have this problem now...The Netgar program was working last week. But I can try removing some, I dont have all that printers now.
    I can also check what run in one profile and what in the other...Any sugestions how to do it with out writting one by one on a piece of paper?
    Can you suggest a more suitable forum?

    THANKS!
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I suppose it could go to either Hardware, since you are dealing with peripheral devices, or possible All Other Software.

    It would be best to start a fresh topic. Let me know if you do that and I will close this one.

    You could run a HijackThis Scanlog for the alternate profile to compare with.

    Do the two profiles have the same administrative priveleges?

    If you don't have the other printers you should uninstall the software for them and ensure those startups in the Scanlog do not remain.

    lop.com is a "search page" hijack. I don't actually see evidence of it in this Scanlog. I believe there is a purchased and a free version of Messenger Plus 3 and the adware is only installed with the more recent free version.

    http://www.google.com/search?q=lop.com+messenger+plus+3&sourceid=opera&num=0&ie=utf-8&oe=utf-8
     
  9. Daniellla

    Daniellla Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    11
    ok, you can delete this one...I have posted on the softwear forum (not answers so far) and THANKS!
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I won't delete it, you can come back to it if you have any reason to think a "security" problem has re-emerged. It's just that there doesn't seem to be one involved at the momemt.
     
  11. Daniellla

    Daniellla Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    11
    Well, it may not be a security reason, but it not been able to open the sofwear from Canon in my main identity is driving me crazy...I did a HijackThis Scanlog for the alternate profile and compare it..and there are identical! Did I did it right?
    You can see them at
    http://forums.techguy.org/showthread.php?t=271931

    I belive the two profiles have the same administrative priveleges. But...how can I be sure? In Control Panel, user account, both say computer administrator...
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You're right I don't see any differences in the profiles either. I would have thought maybe the lexmark or epson entries might be conflicting, but both are present in both profiles. What strikes me is they are TOO identical, including the same start pages, kontiki, and google add-ons ??

    I don't think the administrator rights is an issue if the software installed originally. But in addition to the control panel, you can open a command prompt in a given profile and enter:

    net user

    to see the administrative priveleges for the computer.

    It's just possible the "Daniella" profile is damaged in some way.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269444

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice