1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows XP System Configuration Utility

Discussion in 'Windows XP' started by Shasta, May 28, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Shasta

    Shasta Thread Starter

    Joined:
    Apr 30, 2003
    Messages:
    150
    When I run msconfig and go into my startup menu, I have all kinds of programs in there. Can anyone tell me what is and is not necessary. Here's my list of what is running when I log on my computer.

    RECGUARD
    RUNDLL32
    KBD
    hpsysdrv
    ps2
    BlockTracker
    hkcmd
    bridge
    wupdt
    ccRegVfy
    ccApp
    TVTMD
    sgtray
    CMESys
    Loader
    Belt
    autotbar
    pchbutton
    rundll32
    NoAds
    Gator eWallet

    Many thanks in advance to anyone who can help me out here.
     
  2. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
    I think bridge is part of a browser hijack. If you can, post a HiJack This log. You don't want to disable hijackers, you want to kill them.
    You can get Hijack This here.
    http://www.majorgeeks.com/downloads31.html
    Unzip it into its own folder and scan only. Post the log here by copying and pasting it.
     
  3. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
    Gator?? AHHHHH! I don't believe I missed that. You need to download adaware and spybot search and destroy at majorgeeks also. I think you need a thorough cleaning.
     
  4. Shasta

    Shasta Thread Starter

    Joined:
    Apr 30, 2003
    Messages:
    150
    I don't want to get rid of Gator if I don't have to. I know some people think it's a PITA, but I use it all the time. I used that Spybot S&D before and it screwed some stuff up on my computer, rather not do that again if I can avoid it. It took 2 days of tweaking and a system restore to get my computer back in order after the Spybot S&D. I'll check out the adaware this morning, though. I have to cut some of these startup programs, I have so many running, my anti-virus program won't start up at log on sometimes.

    Many thanks!


    This is my hijackthis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 7:24:28 AM, on 5/28/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\TVTMD.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\Program Files\ClearSearch\Loader.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    C:\Program Files\NoAds\NoAds.exe
    C:\Program Files\Gator.com\Gator\Gator.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\D&E Jazzd Internet Service\Netsurf.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dejazzd.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dejazzd.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E7778} - C:\Program Files\POP\pop167.dll (file missing)
    O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Search Explorer Toolbar - {23DDAE8C-6A79-4d62-80AA-E95D89CB9811} - C:\Program Files\Search-Explorer\explbar.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
    O4 - Global Startup: Gator eWallet.lnk = C:\Program Files\Gator.com\Gator\Gator.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra 'Tools' menuitem: IMI (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nmtracer.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://chat.msn.com
    O15 - Trusted Zone: http://groups.msn.com
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/r3un10n.cab
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1294/ftp.coupons.com/v6/brix6ie.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://63.236.66.10/em/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50047/QDow.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521958} - http://207.218.249.102/webplugin.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX25.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...tmeter4_5/nminstall_en_4.52.30.0_SILENT_2.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab
    O16 - DPF: {A19A291A-9653-4498-93F6-5BA06CF699D8} - http://download.peopleonpage.com/pop/ads/247/ax/PopLoad.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
    O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {ED3ADB6E-5AA9-41B0-9DDC-6F31A34552BE} - http://206.161.193.117/install.exe
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8568CF46-C8A6-49DA-A00F-CAABF39233AB}: NameServer = 66.109.229.4 66.109.229.5
     
  5. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
    OK, run adaware and repost. Gator isn't a PITA, it is spyware. There are good alternatives to gator. They do the same thing without phoning home and reporting everything you do. Make sure you update adaware before you run it. You have the bridgefind hijack just like I suspected.
    Are you interested in replacing gator? It is a terrible program, I mean it sux.
     
  6. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
  7. Shasta

    Shasta Thread Starter

    Joined:
    Apr 30, 2003
    Messages:
    150
    I just downloaded the adaware -- what exactly is it supposed to do?
     
  8. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
    It will clean spyware. You have plenty of it. That is why your computer is dragging along.
     
  9. Shasta

    Shasta Thread Starter

    Joined:
    Apr 30, 2003
    Messages:
    150
    What exactly does that mean? :confused: How do I get rid of it?
     
  10. Shasta

    Shasta Thread Starter

    Joined:
    Apr 30, 2003
    Messages:
    150
    I'm downloading roboform now. Should I just delete the Gator or what?
     
  11. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
  12. Shasta

    Shasta Thread Starter

    Joined:
    Apr 30, 2003
    Messages:
    150
    Gator is gone. I can't find this "clearsearch" thing on my add/delete programs menu. I'm checking out $teve's post now.

    Thanks for all the help.
     
  13. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
    Shasta, I am going to be away from the computer for a little while shortly. Run adaware, let it fix what it finds and then repost another HiJack Log. I'll be back, but someone will help you in the meantime. Don't let your post fall off the page. Just post bump when it starts to fall too low, like almost off the page. It is 8 am here, I should be back in about an hour and a half to 2 hours. You are going to have to fix some things with hijack this, as well as find and delete some crap in safe mode.
    Hang in there, DO NOT give up. You won't recognize your machine once it is back up to snuff.
     
  14. Shasta

    Shasta Thread Starter

    Joined:
    Apr 30, 2003
    Messages:
    150
    I'm going to be away from the computer in about 15 minutes, but I'm leaving the adaware running (it's scanning now). I'll download Spybot S&D when I get back in about 45 minutes. I PM'd $teve about the adaware.

    Thanks for all the help skivvywaver, I really appreciate it.
     
  15. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,947
    Cool, I'll check back on you later. I asked someone to help you while I was gone, but since you are leaving.......
    If cookie shows up, disregard her sig. She is very good.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/233358

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice