# cnbabe.dll



## smp2940 (Jan 12, 2004)

Ok heres the deal, my computer seems to be really screwed up, im sure thats nothing new to you. Like all the others I am also having the error loading cnbabe.dll thing. However another problem im having is that when ever i go to open certain applications they will pop up for about 3 seconds then go away, examples (taskmanager, maconfig). Without being able to open up msconfig i am not able to go through this process of getting rid of the commonname files. One thing that i think may be my problem is my rundll32, when i go into my system folder i only have a rundll16 and no rundll32, but im not sure if thats my problem or not.????

Please help me if you can i would really appreciate it!!!! thank you

stephen


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome, smp2940

I've split you of into your own thread, as you may get more replies here 

Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates. 
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds.

Then, Go here for the free Ad-aware 6 Personal Build 181: http://www.lavasoft.de/support/download/

Then please launch the program ... on the start-up screen, you will need to first run the Webupdate Feature (globe at the top), or click "check for updates" on the start screen to get the Reference File up to date.

Please use either the Custom Scan with Memory and Both registry scans ON. Also.... make sure that you activate IN-DEPTH scanning.

Then, see that you have these options checked: 
Under Ad-aware 6 Settings, Tweaks, Scanning Engine: 
"Unload recognized processes during scanning." 
Under Ad-aware 6 Settings, Tweaks, Cleaning Engine: 
"Automatically try to unregister objects prior to deletion." 
"Let Windows remove files in use after reboot."

Next ...

Run Ad-aware 6. 
Mark the objects you wish to eliminate for removal. There are many options available with a right-click. 
Make a Quarantine only if you do not have the Auto-Quarantine option ON. 
Then choose "Next" to remove the chosen objects. 
Finally ... Reboot

That ought to get rid of most of your spyware.

When you've done all that, go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'. 
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button. 
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet. 
Someone here will be happy to help you analyze the results.

Regards

eddie


----------



## smp2940 (Jan 12, 2004)

thank you u fixed all my commonname cnbabe problems, however im still having a problem with my taskmanager, it will pop up for 2 sec. and then go away. besides that problem everything seems to working very well.

One last question for you do u reconmend and download managers that wont mess up your computer like kazza. I heard about something free called kazza lite what do u know about it??

heres the scan from hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 8:19:35 PM, on 1/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\av.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\YSMFGN32.EXE
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\locallpr.exe
C:\WINDOWS\System32\msvdtc.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\msievc.exe
C:\WINDOWS\System32\msdtcvs.exe
C:\WINDOWS\System32\msrecsd.exe
C:\WINDOWS\System32\Okw7.exe
C:\WINDOWS\System32\Ghr5e.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.znext.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.znext.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - c:\windows\cnbabe\cnbabee.dll (file missing)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - (no file)
O2 - BHO: (no name) - {27557cf1-a237-496d-8c8f-08f3844c6a8b} - C:\Program Files\whistlesoftware\WselServices\WhistleHelper.dll
O2 - BHO: (no name) - {95E02C52-05FC-425D-8378-9DA70F9CD763} - C:\WINDOWS\System32\aadl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Bwd9m.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Owner\WebInstall.exe /R
O4 - HKLM\..\Run: [xnpsp1hfm.exe] C:\WINDOWS\System32\xnpsp1hfm.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKLM\..\Run: [eqkzxzg] rundll32 C:\WINDOWS\System32:eqkzxzg.dll,Init 1
O4 - HKLM\..\Run: [SystemSearch] C:/WINDOWS/REGEDIT.EXE -s C:/WINDOWS/system.reg
O4 - HKLM\..\Run: [Yahoo Instant Messenger] YSMFGN32.EXE
O4 - HKLM\..\Run: [symlink32] C:\WINDOWS\system32\gotit.exe
O4 - HKLM\..\Run: [IWE] C:\WINDOWS\IWE.exe
O4 - HKLM\..\Run: [Tiny Firewall] C:\WINDOWS\System32\msvcrtid.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s 
O4 - HKLM\..\RunServices: [Yahoo Instant Messenger] ymsgr32.exe
O4 - HKLM\..\RunServices: [symlink32] C:\WINDOWS\system32\gotit.exe
O4 - HKCU\..\Run: [xnpsp1hfm.exe] C:\WINDOWS\System32\xnpsp1hfm.exe
O4 - HKCU\..\Run: [symlink32] C:\WINDOWS\system32\gotit.exe
O4 - HKCU\..\RunServices: [symlink32] C:\WINDOWS\system32\gotit.exe
O4 - HKLM\..\RunOnce: [*eqkzxzg] rundll32 C:\WINDOWS\System32:eqkzxzg.dll,Init 1
O4 - HKCU\..\RunOnce: [Yahoo Instant Messenger] YSMFGN32.EXE
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O9 - Extra button: Whistle (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director6/cabs/SW.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFullSInst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

thanks again man keep up the good work


----------



## cammi (Jan 9, 2003)

there are probably more, but tick and fix
R3 - Default URLSearchHook is missing
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - c:\windows\cnbabe\cnbabee.dll (file missing)

TSG management doesnt support P2P so we aren't allowed to talk about it. but anyway, you have to pay for kazaa lite now.


----------



## dvk01 (Dec 14, 2002)

You have major problem with countless viruses/trojans etc

first

Run an online antivirus check from at least one and preferably 2 of the following sites 
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www.anti-trojan.net/en/onlinecheck.aspx

make sure autoclean is ticked on the sites you use, I suggest using NAV and then reboot then use housecall

THen reboot again and post a new log so we can try and clwear up the rest

You will have aflood left and peper definitely and probably some omore that won't be in the online databases.


----------



## smp2940 (Jan 12, 2004)

thanks guys for all your help but...

I ended up just having to go through my system recovery. My internet provider shut me off from the internet b/c i had multiple viruses (kuang 2, backdoor virus, probably more) and was sending infected files around the web. Thank you anways for the help your gave me earlier, if i ever need help i know where to come. I will also recomend u guys to others who are having computer problems.

thanks again steve


----------



## sleekluxury (Oct 5, 2003)

Wow, this got 10,796 Views . Is it because it had the word babe in it? Dang...is that like the most in Security? Well besides the ones that have been sticked and say "Important:"


----------



## sleekluxury (Oct 5, 2003)

> _Originally posted by smp2940:_
> *thanks guys for all your help but...
> 
> I ended up just having to go through my system recovery. My internet provider shut me off from the internet b/c i had multiple viruses (kuang 2, backdoor virus, probably more) and was sending infected files around the web. Thank you anways for the help your gave me earlier, if i ever need help i know where to come. I will also recomend u guys to others who are having computer problems.
> ...


You did recover to a date after you deleted the viruses right? Just making sure, otherwise the viruses would come back to.


----------



## dvk01 (Dec 14, 2002)

please post a new hiajck this log

when you say sytem recovery do you mean XP inbuilt restore system or a complete format & windows reinstall with a recovery disk, supplied by your computer manufacturer


----------



## Greg Deal (Jan 21, 2004)

Probably a little late, but I had what sounds like the same problem recently. I looked around to see what was running that didn't look right, and it was the codefile : c:\windows\system32\ysmfgn32.exe. When I killed it, everything was back to normal. My main symptom was that it was sending out TCP packets constantly, leaving my machine on all different ports (number just counting up), and going to various IP addresses (its value also just counting up). I also had the problem where if I started up regedit, msconfig, even ctrl-alt-del, a window just flashed up for a split second, and then went away. Rather impressive defensive programming. I scanned the file directly with Symantec virus signatures of 1/20, but it didn't pick up anything. I submitted to Symantec and they wrote back stating I had a new variant of the W32.Spybot.worm (originally out April 2003). Their updated virus signatures now pick it up. No idea how I got it though.


----------

