Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Freeze, Programs Hang Unresponsive.


  • This topic is locked This topic is locked
11 replies to this topic

#1 fleamour

fleamour

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:34 PM

Posted 23 April 2008 - 01:57 PM

Hi

I have posted extra.txt as attachment as advised. The system randomly freezes, more on user Anne's profile though This may be imagenary! When trying to update, say Spybot or AdAware it tends to hang. I have managed to scan with AdAware, Avast & Kapersky's Virus Removal Tool. Very frustrating when it hangs, even shutting down errant app with Task Manager does not tend to work. Is it simply a low memory problem? This computer is loaded to the gills with stuff?

Many thanks in anticipation of your help!!!


Deckard's System Scanner v20071014.68
Run by John Hughes on 2008-04-23 19:40:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-04-23 18:40:47 UTC - RP275 - Deckard's System Scanner Restore Point
19: 2008-04-20 23:24:34 UTC - RP274 - Installed Ad-Aware 2007
18: 2008-04-20 13:59:33 UTC - RP273 - System Checkpoint
17: 2008-04-18 21:17:21 UTC - RP272 - Installed Windows Live
16: 2008-04-18 21:16:36 UTC - RP271 - Installed Windows Live installer


-- First Restore Point --
1: 2008-02-10 14:16:53 UTC - RP256 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 223 MiB (512 MiB recommended).


-- HijackThis (run as John Hughes.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-23 19:45:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Media Reader\shwiconEM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Thomson\SpeedTouch USB\DRAGDIAG.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcycoms.exe
E:\PROGRAMS\nu2menu\nu2menu.exe
C:\Documents and Settings\John Hughes\Local Settings\Temporary Internet Files\Content.IE5\YTSFAN8R\dss[1].exe
C:\Program Files\Trend Micro\HijackThis\John Hughes.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b5cc275bbf86438092b30142db8e5a0d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b5cc275bbf86438092b30142db8e5a0d
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kvrt - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe
O23 - Service: lxcy_device - Unknown owner - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


--
End of file - 11918 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PPPoEWin (PPPoEWin Miniport) - c:\windows\system32\drivers\pppoewin.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 kvrt - "c:\documents and settings\all users\desktop\kaspersky lab tool\kvrt.exe" -r (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 01:03:03 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-23 19:42:07 0 d-------- C:\Program Files\Trend Micro
2008-04-21 23:21:33 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-21 23:21:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-21 23:21:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-21 23:21:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-21 23:21:33 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-21 23:21:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-21 23:21:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-21 23:21:33 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-21 23:21:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-21 23:21:33 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-21 23:21:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-21 23:21:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-21 23:21:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-21 23:21:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-21 23:21:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-21 23:21:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 23:21:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-21 23:21:32 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 23:16:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 19:03:47 0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-21 00:24:40 0 d-------- C:\Program Files\Lavasoft
2008-04-21 00:24:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 00:23:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 00:03:33 0 d-------- C:\Program Files\Thomson
2008-04-20 13:35:05 464928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-18 22:27:24 0 d-------- C:\Documents and Settings\Anne White\Application Data\Lavasoft
2008-04-18 22:17:01 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-18 22:16:42 0 d-------- C:\Program Files\Windows Live
2008-04-18 22:15:58 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-18 18:37:34 0 d-------- C:\WINDOWS\network diagnostic
2008-04-18 18:26:19 0 d-------- C:\af196699e01f908dbd9bf2b0935f83c6
2008-04-18 18:23:48 0 d-------- C:\Program Files\MSBuild
2008-04-18 18:17:09 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-18 18:15:19 0 d-------- C:\Program Files\Reference Assemblies
2008-04-18 18:11:20 0 d-------- C:\0120a14a6a06d40b1dec
2008-04-18 18:11:08 0 d-------- C:\Program Files\MSXML 6.0
2008-04-18 17:44:25 0 d---s---- C:\Documents and Settings\John Hughes\UserData
2008-04-18 17:43:57 0 d-------- C:\Documents and Settings\John Hughes\Application Data\Macromedia
2008-04-18 17:40:29 0 d-------- C:\Documents and Settings\John Hughes\Application Data\Yahoo!
2008-04-18 17:39:02 0 d-------- C:\Documents and Settings\John Hughes\Application Data\Google
2008-04-14 20:47:09 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 18:15:02 0 d-------- C:\Documents and Settings\Anne White\Application Data\Motive
2008-04-11 11:35:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 19:46:26 0 d-------- C:\Documents and Settings\Anne White\Application Data\Yahoo!
2008-04-08 19:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-08 19:40:55 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module>
2008-04-08 19:40:30 0 d-------- C:\Program Files\Yahoo!
2008-04-08 19:39:58 0 d-------- C:\WINDOWS\Motive
2008-04-08 19:39:39 0 d-------- C:\Program Files\btbb_wcm
2008-04-08 19:39:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-04-08 19:39:20 0 d-------- C:\Program Files\Common Files\Motive
2008-04-08 19:37:38 0 d-------- C:\Program Files\Motive
2008-04-08 19:37:38 0 d-------- C:\Program Files\BT Broadband Desktop Help
2008-04-08 19:36:43 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:45 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:45 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-04-08 19:34:45 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:45 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-08 19:34:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-08 19:34:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-08 19:34:38 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:38 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:37 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-04-08 19:34:25 0 d-------- C:\Program Files\BTHomeHub
2008-04-08 19:26:04 0 d-------- C:\WINDOWS\tmp.0000
2008-04-08 19:26:04 0 d-------- C:\WINDOWS\Drivers


-- Find3M Report ---------------------------------------------------------------

2008-04-21 00:23:24 0 d-------- C:\Program Files\Common Files
2008-04-21 00:03:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 13:32:50 0 d-------- C:\Program Files\lx_cats
2008-04-09 16:04:09 0 d-------- C:\Program Files\Common Files\aol
2008-04-08 19:01:05 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-04-08 18:50:09 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [15/11/2004 16:04]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 21:24]
"SoundMan"="SOUNDMAN.EXE" [26/09/2005 16:07 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/09/2005 09:32]
"nwiz"="nwiz.exe" [18/09/2005 09:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [18/09/2005 09:32]
"CHotkey"="zHotkey.exe" [08/12/2004 18:57 C:\WINDOWS\zHotkey.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [12/08/2005 17:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/07/2006 20:16]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [17/08/2006 20:24]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [18/08/2003 18:57]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 09:11]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [25/01/2006 17:02]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [07/02/2006 06:10]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [01/12/2005 19:38]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [19/07/2005 11:06]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" []
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [07/12/2006 07:59]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [23/05/2007 07:22]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [21/07/2006 16:19]
"AVP"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [11/06/2007 07:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [19/07/2005 11:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2007 20:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 20:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [26/01/2006 09:18:22]
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [08/04/2008 19:37:52]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [28/11/2003 13:22:54]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4c2d982-c5b0-11da-a39e-806d6172696f}]
AutoRun\command- E:\Programs\nu2menu\nu2menu.exe




-- End of Deckard's System Scanner: finished at 2008-04-23 19:46:08 ------------

Attached Files


ASRock Conroe (micro ATX) - Ubuntu 12.04/Win 7 Ultimate (x86)
Intel C2D E8400 3.0GHz/low profile Noctua (single fan)
4GB OCZ DDR2 RAM, GeForce GT220 1024MB

Vintage IBM-T21 laptop, Xubuntu Lucid LTS
512MB KingSpec RAM, 1GHz CPU [T22 Fan], Wireless-G PCMCIA, 7200RPM HDD

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 27 April 2008 - 12:41 PM

Hello fleamour,

Welcome back to Bleeping Computer :blink:

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 fleamour

fleamour
  • Topic Starter

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:34 PM

Posted 28 April 2008 - 09:12 AM

I would! But getting IE to respond is jst not happening. The only thing that's changed is adding RAM otherwise it's jst sat there. Yahoo messenger hangs, so does IE when loading.
ASRock Conroe (micro ATX) - Ubuntu 12.04/Win 7 Ultimate (x86)
Intel C2D E8400 3.0GHz/low profile Noctua (single fan)
4GB OCZ DDR2 RAM, GeForce GT220 1024MB

Vintage IBM-T21 laptop, Xubuntu Lucid LTS
512MB KingSpec RAM, 1GHz CPU [T22 Fan], Wireless-G PCMCIA, 7200RPM HDD

#4 fleamour

fleamour
  • Topic Starter

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:34 PM

Posted 28 April 2008 - 09:34 AM

OK managed another. Here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:56, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A2FREE\a2service.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b5cc275bbf86438092b30142db8e5a0d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b5cc275bbf86438092b30142db8e5a0d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A2FREE\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: kvrt - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10412 bytes

EDIT: OK IE 7 would totally hang till uninstalled, browser now works???

Edited by fleamour, 28 April 2008 - 09:58 AM.

ASRock Conroe (micro ATX) - Ubuntu 12.04/Win 7 Ultimate (x86)
Intel C2D E8400 3.0GHz/low profile Noctua (single fan)
4GB OCZ DDR2 RAM, GeForce GT220 1024MB

Vintage IBM-T21 laptop, Xubuntu Lucid LTS
512MB KingSpec RAM, 1GHz CPU [T22 Fan], Wireless-G PCMCIA, 7200RPM HDD

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 28 April 2008 - 01:04 PM

Hello,

I haven't looked at your log yet, but that very well may have taken care of the problem, going back to IE6. This is more common than you might think, and equally as frustrating. Personally I gave up on IE a long time ago, and the only reasons I upped it to 7 was for the security, and the fact that I need to use IE at places like Microsoft. Otherwise I use Firefox exclusively.

EDIT:

Nothing malicious in your log, but there are a few things we can tidy up and update.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: kvrt - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Let me know how you come out, and how it's running now. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#6 fleamour

fleamour
  • Topic Starter

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:34 PM

Posted 28 April 2008 - 05:28 PM

Well upon loading one profile Yahoo Msgr hangs not responding, while McAfee Firewall froze up while nosing round it another profile. The third profile is password protected. The computer hangs for an age when trying to log off or initiate shut down. I'm for the nuclear option myself! A full blown wipe & reinstall. Maybe it's a software conflict???

When I look in applications tab of task manager there is always two instances of guilty application running, neither feels like shutting down any time soon! Surely there should only be one instance running?
ASRock Conroe (micro ATX) - Ubuntu 12.04/Win 7 Ultimate (x86)
Intel C2D E8400 3.0GHz/low profile Noctua (single fan)
4GB OCZ DDR2 RAM, GeForce GT220 1024MB

Vintage IBM-T21 laptop, Xubuntu Lucid LTS
512MB KingSpec RAM, 1GHz CPU [T22 Fan], Wireless-G PCMCIA, 7200RPM HDD

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 28 April 2008 - 05:49 PM

A couple of things to look at : One, it could be McAfee. It's notorious for causing problems....try disabling it and see if that works. Two, have you tried uninstalling, then reinstalling Yahoo Messenger? I just hate for you to lose anything important if it can be avoided. :thumbsup:

Also, let's have a scan with this program so we can see what might be hiding :

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#8 fleamour

fleamour
  • Topic Starter

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:34 PM

Posted 29 April 2008 - 07:52 AM

I am glad of any options!!! But initially by un-installing McAfee it logs of with a swiftness never seen before!!! Who the man!!! You the man!!!

I'm fixing it for a friend they will be chuffed. I'd given up all hope tbh. Well cool! I'll try other suggestions but it looks like the culprit alright.
ASRock Conroe (micro ATX) - Ubuntu 12.04/Win 7 Ultimate (x86)
Intel C2D E8400 3.0GHz/low profile Noctua (single fan)
4GB OCZ DDR2 RAM, GeForce GT220 1024MB

Vintage IBM-T21 laptop, Xubuntu Lucid LTS
512MB KingSpec RAM, 1GHz CPU [T22 Fan], Wireless-G PCMCIA, 7200RPM HDD

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 29 April 2008 - 09:14 AM

Hello,

Glad that did the trick. :thumbsup: I don't see any reason to look any further then. :blink: I don't see the AntiVirus running with McAfee, just the firewall.......do you need a regular AntiVirus for this computer?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#10 fleamour

fleamour
  • Topic Starter

  • Members
  • 297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:34 PM

Posted 29 April 2008 - 09:41 AM

What can I replace McAfee with, firewall wise? They have a paid up version of AVG sitting around at home. So will install that for antivirus.
ASRock Conroe (micro ATX) - Ubuntu 12.04/Win 7 Ultimate (x86)
Intel C2D E8400 3.0GHz/low profile Noctua (single fan)
4GB OCZ DDR2 RAM, GeForce GT220 1024MB

Vintage IBM-T21 laptop, Xubuntu Lucid LTS
512MB KingSpec RAM, 1GHz CPU [T22 Fan], Wireless-G PCMCIA, 7200RPM HDD

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 29 April 2008 - 09:46 AM

Hi,

Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here. :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 03 May 2008 - 11:15 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users