1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

WinXP search tool not responding & other problems

Discussion in 'Windows XP' started by Ragenowski, Apr 7, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Ragenowski

    Ragenowski Thread Starter

    Joined:
    Apr 7, 2004
    Messages:
    6
    Hello all, this will be my first post here so go easy on me.lol
    I'm having a problem with several functions in WinXP.
    First and foremost, my search function won't operate. I can get into it and type in what I'm looking for in the "all files & folders" field but when I click on "search" after a few seconds (I have task mgr up to see how long it takes) in the task manager 2 separate applications show up and both of them say "not responding". I have to click end program on one, and they both go away. I tried a system restore, but naturally I didn't know enough when I got the computer to know I needed to set up regular restore points so it didn't work. I've tried everything from cleaning out my registry with Regcleaner to running spybot S&D and Adaware 6.0 to disabling some of the junk that's running in the background with msconfig. I'm kinda at my wits end here, so any help would be GREATLY appreciated.
    Another problem I've had for a while is that when I click on "restart", the computer tries to shut down and gets all the way to the "saving your settings" screen and then locks up. The only way for me to get it to restart is to turn it off at the power switch and then turn it back on. This is annoying but I can live with it if it's not potentially dangerous to my computer with all the turning it on and off. Thanks in advance for any help.

    Ragenowski
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Let's see if we can find any reasons for this in a HijackThis scanlog.

    Unzip HijackThis to a permanent location, run it and select Scan. Then save the scanlog and copy/paste the results to a reply here.

    http://www.spywareinfo.com/~merijn/downloads.html
     
  3. Ragenowski

    Ragenowski Thread Starter

    Joined:
    Apr 7, 2004
    Messages:
    6
    Ok, here goes nuthin!


    Logfile of HijackThis v1.97.7
    Scan saved at 5:57:16 PM, on 4/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\SYSTEM32\ati2dvag.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Ragen \Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/v5/home/0,1793,6,00.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
    O4 - HKLM\..\Run: [WinSetup] C:\WINDOWS\SYSTEM32\ati2dvag.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: ICQ Lite (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
    O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?4546
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/221cd218fca67528f600/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
    O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab



    Looking at some of this and I think I recognize what might be some spyware, so I'll run Spybot or Adaware. I run them both weekly, but not at the same times. Thanks
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Get the lspfix application from this site:

    http://www.cexx.org/lspfix.htm

    Run it and check the box "I know what I am doing".

    Then move all the ua_lsp.dll into the "Remove" window and select "Finish"

    Next Run HijackThis and check this entry and "fix" it:

    O4 - HKLM\..\Run: [WinSetup] C:\WINDOWS\SYSTEM32\ati2dvag.exe

    It does not appear to be a legitimate ATI file. You will need to reboot to delete it. Before you do, right click on it and select Properties > Version to verify it does not have an ATI copyright. If it doesn't, send it to the recycle bin. It is in the c:\windows\system32 folder. Don't confuse it with your other ATI* files there.

    >> Next I would suggest you check and "fix" this entry in HijackThis OR run msconfig and uncheck it under the Startup group tab:

    O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"

    >> it appears legit but shouldn't normally be starting unless you have enabled some oddball Dell function. I have a Dell as well and don't have any of their stuff starting up.

    Finally you can check and fix this, it is legit but has no value; it appears after some types of system errors and is of use only to developers:

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    And you might want to explain what happened when you ran System Restore. It is not necessary to configure anything initially for it to automatically create restore points, usually one a day.

    Post another scanlog when ready.

    By the way the "lsp" dll is apparently installed by a game called "xfire" to access their servers. Frankly I would not keep anything that alters the winsock protocol in that way. I would suggest uninstalling it from Add/remove programs.

    http://forums.net-integration.net/index.php?showtopic=12476
    http://216.239.53.104/search?q=cach...=2&topic=2122+Xfire+ua_lsp.dll&hl=en&ie=UTF-8
     
  5. Ragenowski

    Ragenowski Thread Starter

    Joined:
    Apr 7, 2004
    Messages:
    6
    Ok, thanks for the info. I won't be able to do any of this until tomorrow but I'll make sure to post another scanlog and what exactly (in my oh-so computer illiterate words) I did to restore. It's late here and I need to go to bed now.
    And BTW, the program "xfire" isn't a game. It's a program kind of like AIM that you can use for gaming and such. You can create a buddy list and it shows you what servers your buddies are in so you can join in a game with them. It's also got a chat and messenger function. It's really a pretty cool little free program for gamers. At any rate, I'll let you know how these things help. Thanks again!
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/218094

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice