System Mechanic 6 - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Closed Thread
Thread Tools Display Modes
Old 03-28-2006, 04:14 PM   #1 (permalink)
Newb Techie
Join Date: Mar 2006
Posts: 6
Default System Mechanic 6

I have recently purchased System Mechanic 6 and whilst I think it is very useful I have found the software to be giving other problems. Since the installation when I restart my PC I find that instead of getting my desktop I am getting a windows folder opened everytime I restart my PC. The folder is the one with my name which contains My Documents and other files. This is really frustrating. Another thing it does is changes my electronic diary setting so that it doesn't appear on my desktop. I have to reset this to come in the windows startup but it only lasts a couple of times and I have to keep doing it. I have run msconfig and taken the software out of the startup including the popup blocker but this is still happening.

Does anyone have any ideas how to overcome these two problems please.

birdie7015 is offline  
Old 03-28-2006, 04:18 PM   #2 (permalink)
S e c u r e d
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760

It still sounds like there is something from the System Mechanic that is still in the startup.

Can you take a screen shot of your msconfig and post it here?
Can you run HighJackThis after you restart your machine and post the log here? Make sure you restart the machine and THEN run the HighJackThis...

This will show us whats running after you restart the machine.j

brady is offline  
Old 03-28-2006, 04:34 PM   #3 (permalink)
Newb Techie
Join Date: Mar 2006
Posts: 6
Default System Mechanic 6

I am being told that the file is too large. If I reduce it you can't see it.
birdie7015 is offline  
Old 03-28-2006, 04:35 PM   #4 (permalink)
Newb Techie
Join Date: Mar 2006
Posts: 6
Default System Mechanic 6

Sorry but I don't know whay Highjack is.
birdie7015 is offline  
Old 03-28-2006, 04:36 PM   #5 (permalink)
S e c u r e d
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760

Ok... Don't worry about the Screen Shot then...

Run HighJackThis and post the log.
Make sure you restart the machine and THEN run "HighJackThis".
brady is offline  
Old 03-28-2006, 04:56 PM   #6 (permalink)
Newb Techie
Join Date: Mar 2006
Posts: 6
Default System Mechanic 6

OK. Here is the file requested. The site is telling me that I am sending a file that isn't a txt. so I will cut and paste the information:

Logfile of HijackThis v1.99.1
Scan saved at 23:50:55, on 28/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier. exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Chaos Manager\cm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\6TQJQRKZ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=;ftp=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =;<local>
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Frog search toolbar - {DBE7CDFE-173F-4300-95B3-6094BA786DBC} - C:\PROGRA~1\FROGSE~1\FROGSE~1.DLL
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TimeUp] C:\Program Files\TimeUp\TimeUp.exe /T
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier. exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSISETUP] C:\DOCUME~1\Alex\LOCALS~1\Temp\GsiInst.exe INSTALL C:\DOCUME~1\Alex\LOCALS~1\Temp\.\V205Res 13
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [EPSON Stylus C60 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC 2.EXE /A "C:\WINDOWS\system32\E_SC7.tmp"
O4 - HKCU\..\Run: [SOProc_DAP] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~2\soproc.exe -pack DAP
O4 - HKCU\..\Run: [ChaosManager] C:\Program Files\Chaos Manager\cm.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\AutoLoad.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Documents and Settings\Alex\My Documents\Images Saved\ImagoSc18_007_Daniela_Cecconello.jpg
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{17053741-2875-4445-9579-4BCB6C8C27D1}: NameServer =
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
birdie7015 is offline  
Old 03-28-2006, 05:09 PM   #7 (permalink)
S e c u r e d
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760

ok wow you got some spyware in there... lets do this :

Follow these instructions carefully
Brought to you by Warez Monster

Download ALL 4 programs and update them as soon as they are installed, this is very important, except for Hijackthis!.

Ad Aware SE Personal

Spybot Search and Destroy

Microsoft Windows AntiSpyware



Follow these steps

Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot.

Delete all cookies and temporary internet files in the control panel.

Go to Start, run, type msconfig, go to startup, disable everything except your antivirus, click apply, dont reboot yet.

Download Msconfig Cleanup below

Msconfig Cleanup

Run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit".

Now run each spyware program 1 by 1. Running all 3 at the same time will slow most systems down.

When each program has finished scanning, remove everything.

For Microsoft Antispy, after it has finished scanning, some items will/might be on ignore, you will need to select remove unless the program is valid such as VNC Viewer, etc.

Now go to the recycle bin and delete everything that is in it.

When finished with the scans, reboot, and go into Safe Mode and run these scans again, remove everything they find, and then reboot back into Windows in normal mode. You dont need to run Hijackthis! yet.

Then run HiJackthis!

Save the log, copy and paste the log on
Do not attach the log, copy and paste always. This will make things go much faster.
brady is offline  
Old 03-28-2006, 05:32 PM   #8 (permalink)
Newb Techie
Join Date: Mar 2006
Posts: 6
Default System Mechanic 6

OK. But I will this tomorrow as this will take some time. I am in the UK and it is 00.30

I will send to you tomorrow.
birdie7015 is offline  
Old 03-28-2006, 05:42 PM   #9 (permalink)
S e c u r e d
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760

Make sure to PM if you need further instruction.
brady is offline  
Old 03-28-2006, 10:02 PM   #10 (permalink)
Join Date: May 2005
Posts: 7,915
Send a message via Yahoo to talldude123

get rid of CM.exe.

go to add/remove programs, and remove chaos manager. It causes choas, and is a trojan, with a rating of 4/5

talldude123 is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Our Communities

Our communities encompass many different hobbies and interests, but each one is built on friendly, intelligent membership.

» More about our Communities

Automotive Communities

Our Automotive communities encompass many different makes and models. From U.S. domestics to European Saloons.

» More about our Automotive Communities

Marine Communities

Our Marine websites focus on Cruising and Sailing Vessels, including forums and the largest cruising Wiki project on the web today.

» More about our Marine Communities

Copyright 2002-2015 Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 06:28 AM.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.