|
| ||
| System freezing up.. please help Hi and thanks for your help first of all. Today my system has been freezing a lot, it was getting worse unil the mouse froze on screen so the only option I had was to reboot my system. It would do a disk check on start up and then go to the start windows page as normal but the mouse was still frozen so I just had to keep rebooting, disk checking, until finally the mouse came back into action....about 4-5 attempts. It checks disc D for consistency on the disk check stage. Then everything seemed back to normal and I was using the internet when the same thing happen this time I had to reboot the system about 10+ times before the mouse regained itself...is this a virus or a mouse probalem..please check out my hijackthis file and let me know what to do. Another thing I should mention is I went to burn a cd on my writer (ASUS 52 24 52) a couple of days ago and it couldn't read the disk, the last time I used it it was fine but that was some time back, it doesn't play any discs either, it just isn't registering them, the drive is on my computer but it doesn't seem to work? The driver is present. I'm not sure if this is relevant or a seperate issue and just a busted cdr. Thanks very much for your time. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:08:39 PM, on 2/8/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\SYSTEM32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Winamp3\winampa.exe D:\WINDOWS\SYSTEM32\Mounter.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\WINDOWS\system32\ctfmon.exe E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe F:\WinZip\WZQKPICK.EXE E:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe E:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32 \pavdr.exe,D:\WINDOWS\system32\userinit.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\PROGRA~1 \Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1 \SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\getflash.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\PROGRA~1 \Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo! \Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DivX Free Codec] D:\Program Files\DivX Free Codec\Divx Free Update.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0 \Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo! \Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\jc_link.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1 \SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4 -A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2- BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910- F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.cab O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.flashbeer.com.au/player/vivid_ocx.jpeg O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip\..\{A4BBB258-7E6B-4513-8A33-039E288E6026}: NameServer = 85.15.1.10,85.15.1.12 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1 \Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4 \ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- End of file - 8066 bytes |
| ||
| Re: System freezing up.. please help Give us some more info on the computer itself...how many hard drives, how full are they, how much RAM is installed? Have you done general clean up of the computer...removal of temp files, defrag and that type of thing? Have you done scans with your antivirus program AND with SpyBot? One thing which has probably nothing to do with your problem but can interfere with any fixes possibly needed is Turn OFF the SpyBot TeaTimer and leave it off. * Run Spybot-S&D in Advanced Mode * If it is not already set to do this, go to the Mode menu select Advanced Mode * On the left hand side, click on Tools * Then click on the Resident icon in the list * Uncheck Resident TeaTimer and OK any prompts. * Restart your computer Follow all the steps given HERE, Note the comment in RED about the Deckard Scanner, it isn't available anymore so you will substitute with a new Full System Scan with HiJackThis AFTER completing all the other steps. Save ALL requested logs...MBA-M, ESET Scanner and HJT. Post back with all those, in that order AND please in SINGLE space. Thanks. Judy |
| ||
| Re: System freezing up.. please help Hi and thanks very much for your time and instructions I have posted below following your questions to make it more clear, you're in red: Give us some more info on the computer itself...how many hard drives, how full are they, how much RAM is installed? LOCAL DISC C : Total size: 4.87GB free space: 2.29GB LOCAL DISC D: Total size : 11.6GB Free space : 4.21GB LOCAL DISC E: Total size : 11.6GB Free space: 4.89GB LOCAL DISC F: Total size: 10.0GB Free space: 6.58GB I have tried to delete as much as possible from my D drive...there is no music, video, pictures and hardly any files so I don't know why it is so heavy and what I could do to lighten it up. I'm not sure how to check the RAM...sorry... Have you done general clean up of the computer...removal of temp files, defrag and that type of thing? I have now with ATF cleaner Have you done scans with your antivirus program AND with SpyBot? Yes fixed the problems found : 22 items on Spybot followed up with Avast antivirus which came out clean. My system seems to be working better and haven't had any issues with the mouse again....yet? One thing which has probably nothing to do with your problem but can interfere with any ixes possibly needed is Turn OFF the SpyBot TeaTimer and leave it off. : DONE Follow all the steps given HERE, Note the comment in RED about the Deckard Scanner, it isn't available anymore so you will substitute with a new Full System Scan with HiJackThis AFTER completing all the other steps. Save ALL requested logs...MBA-M, ESET Scanner and HJT. Post back with all those, in that order AND please in SINGLE space... I'm not sure what you meant by SINGLE space so sorry if I didn't do it :) 1.Malicious Software Removal Tool: came up clean 2. Ran ATF cleaner 3. Other logs posted below as requested MalwareBytes’ Anti-Malware log came up clean too Malwarebytes' Anti-Malware 1.33 Database version: 1740 Windows 5.1.2600 Service Pack 2 2/9/2009 8:09:11 PM mbam-log-2009-02-09 (20-09-11).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|) Objects scanned: 112735 Time elapsed: 1 hour(s), 26 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) • ESET Online Scanner log...in the instructions it said "Be sure the option to Remove found threats is Un-checked" so those threats have not yet been removed...shall I do the scan again to remove them? I had to type them out cos I didn't know how to save the log from the online scan 2 threats found; a variant of Win32/Adware.WurldMedia application D:\WINDOWS\system32\mobn.exe.>>WISE>>mbho2.dll a variant of Win32/Adware.WurldMedia application D:\WINDOWS\system32\mobn.exe • Uninstall List ACDSee 5.0 PowerPack Acrobat.com Acrobat.com Adobe Acrobat 4.0 Adobe Acrobat 5.0 Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9 ADSL USB Modem Ahead Nero - Burning Rom Apple Software Update Ares 2.1.0 ASPMaker avast! Antivirus CCleaner (remove only) Corel Graphics Suite 11 Create and Print Plugin 3.6 (build 6013) Creative PC-CAM 300 Driver DivX Free Codec DriverAgent by eSupport.com EMUpgrade (D:\Program Files\EMUpgrade\) ESET Online Scanner FlashGet 1.9.6.1073 Highlight Viewer (Windows Live Toolbar) HijackThis 2.0.2 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) HSP56 MR Drivers JawGrid v.1.0 jetAudio Macromedia FreeHand MX Malwarebytes' Anti-Malware Map Button (Windows Live Toolbar) MetaTrader Vinson 4.00 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional with FrontPage Microsoft Visual C++ 2005 Redistributable MP3 CD Maker MP3 Compressor MP3 Wizard V2.0 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Mustek MDC 3000 Party Girl Screen Saver QuickTime RealPlayer S3Display S3Gamma2 S3Info2 S3Overlay Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944338) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB947864) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Skype™ 3.8 Smart Menus (Windows Live Toolbar) Spybot - Search & Destroy Ultimate Pop-up Blocker 3.2 Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) WinAce Archiver 2.0 Winamp3 (remove only) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Favorites for Windows Live Toolbar Windows Live installer Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Messenger 5.0 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinZip Yahoo! Anti-Spy Yahoo! Install Manager Yahoo! Messenger Yahoo! Toolbar Scan with HiJackThis AFTER completing all the other steps: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:25:10 PM, on 2/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\SYSTEM32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\svchost.exe D:\Program Files\Winamp3\winampa.exe D:\WINDOWS\SYSTEM32\Mounter.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\WINDOWS\system32\ctfmon.exe F:\WinZip\WZQKPICK.EXE E:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\WINDOWS\system32\NOTEPAD.EXE E:\Program Files\HijackThis.exe D:\WINDOWS\system32\notepad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32 \pavdr.exe,D:\WINDOWS\system32\userinit.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\PROGRA~1 \Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1 \SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\getflash.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\PROGRA~1 \Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo! \Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DivX Free Codec] D:\Program Files\DivX Free Codec\Divx Free Update.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0 \Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti- Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo! \Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\jc_link.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1 \SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4 -A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2- BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910- F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.cab O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.flashbeer.com.au/player/vivid_ocx.jpeg O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip\..\{A4BBB258-7E6B-4513-8A33-039E288E6026}: NameServer = 85.15.1.10,85.15.1.12 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1 \Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4 \ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- End of file - 8399 bytes Thanks again Judy....I noticed soooooo many Windows updates on my uninstall list...is this what's eating all my disc space on disc D? Can I delete some of it. In any case since I did the Spybot clean up things seem to be working pretty good again so hopefully it's OK now...thanks again for your assistance XX |
| ||
| Re: System freezing up.. please help Quote:
To find out how much RAM is installed right click My Computer and choose Properties. When System Properties opens right there on the 1st Tab which is the General Tab the last bit of information shown there will be how much RAM is installed. I would be interested to know. One thing I see that you have installed that is perfectly fine, but unnecessary is Ultimate Pop-up Blocker 3.2. IE 7 has a popup blocker, another one is not necessary. Also I see Ares 2.1.0, a P2P file sharing program, very dangerous thing to do. Up to you of course but P2P is a real easy way to get an infection. Can I ask where you are located? I ask because one entry in your HJT log points to Iran, are you in Iran? Run the ESET Scanner again and have it fix those items it found. Be sure to save the log. Reboot and run HJT again and place a check mark next to the following entries; O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Once you have placed the check marks then click the Fix Checked button. Exit HJT, reboot, run a new HJT scan and post back with that new log and the new ESET log. Judy |
| ||
| Re: System freezing up.. please help ok to b very certain about hardware keyloger or stuff , do a system scan with redix ..( a anti root kit ) . then ONLY if u can handle it , unplug hard disk , drive , ram .,,everything .. clean up ram with rubber , clear dust from board if there is any .. . try to use another mouse .. ,, or being system as it is , try booting from any live linux , use it for a while and see if mouse is still freezing or anything else.. it seems hard ware problem with drive .. go to manuf site and see for available firmware update if there is any.. |
| ||
| Re: System freezing up.. please help Danielle, just continue on with my instructions. Judy |
| ||
| Re: System freezing up.. please help Hi Judy and thanks again, Yes I'm in Tehran, I'm English but I'm living here at the moment unfortuneatly it gets a pretty bad rap in the Western media I assure you. It's a very developed society with warm friendly people and beautiful scenary and four proper seasons, it's been snowing lately which is great. OK...I did everything you said. I tried to remove the Ultimate Pop-up Blocker from my list but it said "could not loadinitialization file" ...I'll try it again later. I use Ares very rarely My RAM is : 1.70 GHz,224MB And I did the Eset scan again online and deleted the threats but I couldn't see anything for saving a log...I tried to copy and paste the results and that wasn't happening (it doesn't let you copy the highlighed results) so sorry I accidentally navigated away from the page and when I went back my scan results were gone...anyway I did the scan and the threats were deleted so it's Ok I think. I don't know how one can get a copy of the log on Eset cos it's not clear on the page. Anyway done and deleted. Here's my new HJT log and I think everything seems to be OK if you want to mark solved...thanks again for your time and help...X Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:12:49 PM, on 2/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\SYSTEM32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Winamp3\winampa.exe D:\WINDOWS\SYSTEM32\Mounter.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\WINDOWS\system32\ctfmon.exe F:\WinZip\WZQKPICK.EXE D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\WINDOWS\system32\freecell.exe D:\WINDOWS\system32\notepad.exe D:\Program Files\Orion Trader 4\terminal.exe E:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\getflash.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DivX Free Codec] D:\Program Files\DivX Free Codec\Divx Free Update.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\jc_link.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.cab O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.flashbeer.com.au/player/vivid_ocx.jpeg O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip\..\{A4BBB258-7E6B-4513-8A33-039E288E6026}: NameServer = 85.15.1.10,85.15.1.12 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- End of file - 8132 bytes |
| ||
| Re: System freezing up.. please help Hi Judy and thanks again, Yes I'm in Tehran, I'm English but I'm living here at the moment unfortuneatly it gets a pretty bad rap in the Western media I assure you. It's a very developed society with warm friendly people and beautiful scenary and four proper seasons, it's been snowing lately which is great. OK...I did everything you said. I tried to remove the Ultimate Pop-up Blocker from my list but it said "could not loadinitialization file" ...I'll try it again later. I use Ares very rarely My RAM is : 1.70 GHz,224MB And I did the Eset scan again online and deleted the threats but I couldn't see anything for saving a log...I tried to copy and paste the results and that wasn't happening (it doesn't let you copy the highlighed results) so sorry I accidentally navigated away from the page and when I went back my scan results were gone...anyway I did the scan and the threats were deleted so it's Ok I think. I don't know how one can get a copy of the log on Eset cos it's not clear on the page. Anyway done and deleted. Here's my new HJT log and I think everything seems to be OK if you want to mark solved...thanks again for your time and help...X Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:12:49 PM, on 2/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\SYSTEM32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\System32\svchost.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Winamp3\winampa.exe D:\WINDOWS\SYSTEM32\Mounter.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\WINDOWS\system32\ctfmon.exe F:\WinZip\WZQKPICK.EXE D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\WINDOWS\system32\freecell.exe D:\WINDOWS\system32\notepad.exe D:\Program Files\Orion Trader 4\terminal.exe E:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\getflash.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DivX Free Codec] D:\Program Files\DivX Free Codec\Divx Free Update.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\jc_link.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.cab O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.flashbeer.com.au/player/vivid_ocx.jpeg O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip\..\{A4BBB258-7E6B-4513-8A33-039E288E6026}: NameServer = 85.15.1.10,85.15.1.12 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- End of file - 8132 bytes |
| ||
| Re: System freezing up.. please help I was only asking about your location because the log shows an internet connection or ISP located in Iran. Just wanted to be certain that it was ok. If we see something like that we have to check to be sure, because some hijacking of computers take place from locations very far from the computer, in other countries. I, myself am located in the USA. If my scan showed an ISP in London or Paris that would mean serious problems and certain steps would be required to reset to the correct ISP. That is a part of your log I can ignore then. I will go through the log and get back with you. EDIT: Here is what I see Danielle. You have a very SMALL amount of RAM for what is on the computer. This could certainly be a cause of the freezes. I would advise increasing this to at least 1 GB. RAM is very easy to install and a very inexpensive way to upgrade the computer. Now since you are in Iran I can't really tell you where to purchase it but you can go to http://www.crucial.com/ where you can do a free scan of the computer and they will tell you what options you have for additional RAM, the proper RAM to purchase. Now this is located here in the US so I don't believe you could order it through them, but I cannot say for sure. But what you would do is write down all their specifications and recommendations and then order it some place where you can receive it OR purchase it there. You have to get exactly what they say, there are different types of RAM and you must use exactly what is specified for your computer. Since your amount of RAM is low I would recommend stopping some of the auto starting programs and services which then run all the time in the back ground. This will save on memory usage. These would be ones which are not necessary for the actual running of the computer and can easily be run manually when you want to use them. To control these I suggest that you download this FREE program, CodeStuff Starter. Download and install. When you open the program you will see three Tabs. One for Start ups which are programs that run when the computer starts, one for Processes, which is just like the Task Manager on the computer which shows what is running on the computer, and one for Services which shows the Services that run when Windows starts and then run all the time in the background too. : Open the program, Click the Startup Tab and REMOVE the Check marks from the following entries; WinampAgent>>> Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don't take over as default player for various media types. Available via Start -> Programs QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards. It is advised that you disable this program so that it does not take up necessary resources. TkBellExe>>>Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. Not required. It is advised that you disable this program so that it does not take up necessary resources. Adobe Reader Speed Launcher>>>Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly and increase of opening speed is really negligible. It is advised that you disable this program so that it does not take up necessary resources. Yahoo Messenger>>>can easily be run manually. Just be sure you close it out totally when you are finished with it as it can put itself back into auto starts. WinZip Quick Pick>>>Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up. It is advised that you disable this program so that it does not take up necessary resources. Now for the sevices, and especially since you say this is rarely used I would remove this from auto starting in services tab. Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe Open the tab. The programs are listed in alphabetical order. When you see the one above, double click. The box will open and first of all click Stop the service. This will turn if off. Then in the center you will see Start up type and it is set to Automatic. Change that to Manual. Then it will only start if you want to start it. Close out the CodeStuff Starter program and reboot the computer. Judy |
| ||
| Re: System freezing up.. please help Hey Judy, Thanks SOOOOOOOOOOO Much for all your time and great assistance, your assistance was very thorough and you gave very clear instructions...I will add to your repuation cos you're a star. I will follow up on all the info you gave me and talk to my friend about installing some more RAM, he works in the Computer biz over here so should know exactly what I need. Thanks very much and Best wishes to you XX I will mark solved :) |
| All times are GMT -4. The time now is 11:56 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC