| Thread ID: 68584 | 2006-05-04 02:03:00 | Frozen Screen | Lurking (218) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 451932 | 2006-05-04 02:03:00 | Speedy, have downloaded HJT and log follows: Logfile of HijackThis v1.99.1 Scan saved at 12:54:18 PM, on 04-May-06 Platform: Windows 98 SE (Win9x 4.10.2222B) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing) O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [PersFw] "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Viralock.lnk = C:\Program Files\Sentrybay Corp\Viralock\ViraLock.exe O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot 
of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - www.lizardtech.com O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - www-307.ibm.com O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - www.crucial.com O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com Is there anything bad in there. Thanks a million for your efforts in helping us out. Lurking |
Lurking (218) | ||
| 451933 | 2006-05-04 03:01:00 | Boot into safe mode, run HJT again tick these entries and tick fix checked Lurk. O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) It looks like this entry O4 - HKLM\..\Run: [LoadQM] loadqm.exe - can use quite a lot of system resources. When used with MSN Explorer and MSN Messenger. Not too sure if this is meant to run on startup O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe How much ram, is on this PC?? I think these 2 entries are pretty safe tho, for Win 98. |
Speedy Gonzales (78) | ||
| 451934 | 2006-05-06 05:29:00 | Speedy, thanks for your reply. Took time off to play bowls and will have a go at your reply. Lurking. |
Lurking (218) | ||
| 451935 | 2006-05-07 02:23:00 | Thanks Speedy, this IBM 300Gl fathers day present given to me last year, had 1 or 2 things left on it. Popup blocker: unable to get into Telecom's prepay $20, $30 and $75 highlights. How does one find this Blocker?. MSN Messenger. Never use it. An Error "Unable to start the application. Invalid class resource. Unexpected failure. OK", thankfully this has now disappeared, Sept to May it kept appearing after startup. Unable to get into Safe Mode using F8 or F5 key press on Win splash screen!!. Machine has 320mb memory and 74% used. Regards, Lurking. Ps. There are other split second flash screens on boot as well. lurks. |
Lurking (218) | ||
| 451936 | 2006-05-07 02:34:00 | Hmm this entry belongs to MSN Messenger. It's loading on startup. O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background Umm don't know where this popup blocker would be. AFAIK 98 doesn't come with one installed. What's it saying when you try to do whatever on these Telecom prepay sites? Unless you installed a popup blocker program from somewhere? Unable to get into Safe Mode using F8 or F5 key press on Win splash screen!!. What happens here? You can't get into safe mode at all? Any errors? |
Speedy Gonzales (78) | ||
| 451937 | 2006-05-07 03:23:00 | Speedy, the following window, I click on any of the 3 values and the screen remains the same, the only change at the bottom left says "Done". Last payment made was on the 1 Aug 2005, ha, ha that was on the old General, bl**dy good old P1. Topup online 3 easy steps to Top Up your mobile Click the card value $20, $30 or $75 you want to buy. This will take you to the order form. Enter your credit card information and click 'purchase'. Your request is processed right then and there - you'll receive your Top Up number in a few minutes by e-mail to the e-mail address you provide! The amount you pay will appear on your next credit card statement. Then top up your mobile just as you normally would by calling us on *333 from your mobile. As you have pointed out Google Tool Bar was on the machine but I notice it is now Yahoo's tool bar. As a matter of interest, I do Community work and 1 is Community Watch and last Thursday I tried to Fax an abandoned car report through, but that would not work and when I opened up the computer on Friday it came up in Safe Mode and I managed to Restore it to a previous good boot. There are two Modem definitions under the Device Manager: HCF Modem Conexant PCI Modem Enumerator. Modem Conexant HCF V90 56k Data Fax PCI Modem. Which driver is causing this conflict and should be removed. It sure is great having such pleasing help from pressf1 users. Regards, Lurking. Ps. Kerio firewall is back and running well, perhaps there has been a Leak into the system. lurks. |
Lurking (218) | ||
| 451938 | 2006-05-07 03:36:00 | Speedy, the following window, I click on any of the 3 values and the screen remains the same, the only change at the bottom left says "Done". Last payment made was on the 1 Aug 2005, ha, ha that was on the old General, bl**dy good old P1. Topup online 3 easy steps to Top Up your mobile Click the card value $20, $30 or $75 you want to buy. This will take you to the order form. Enter your credit card information and click 'purchase'. Your request is processed right then and there - you'll receive your Top Up number in a few minutes by e-mail to the e-mail address you provide! The amount you pay will appear on your next credit card statement. Then top up your mobile just as you normally would by calling us on *333 from your mobile. As you have pointed out Google Tool Bar was on the machine but I notice it is now Yahoo's tool bar. Can you take a snapshot of this and post it here (www.imagef1.net.nz) As a matter of interest, I do Community work and 1 is Community Watch and last Thursday I tried to Fax an abandoned car report through, but that would not work and when I opened up the computer on Friday it came up in Safe Mode and I managed to Restore it to a previous good boot. Like Neighbourhood watch? There are two Modem definitions under the Device Manager: HCF Modem Conexant PCI Modem Enumerator. Modem Conexant HCF V90 56k Data Fax PCI Modem. Which driver is causing this conflict and should be removed. I take it you're on dialup then?? Click on properties on the dialup. Go to the tab where it shows the modem. (I can't remember whether the modem shows under dialup or not). What modem appears here?? The HCF or Modem Conexant modem?? Obviously, the one that's connected now, works. Delete the other under modems or device manager (I can't remember what's in 98 now)! Does it show a X or ! in device manager under the modem entry/entries??
It could be a modem prob if you can't send a fax, and both modems are / or were faxmodems. Both modems aren't installed now tho, I take it? When you tried to send a fax, did an error appear/crash, or nothing happened at all? And, is the modem you use for dialup (if you're on dialup) the same modem you use for faxing?? |
Speedy Gonzales (78) | ||
| 451939 | 2006-05-07 04:33:00 | Speedy, you won't believe this, I am holding the first "quote" screen open, as I have been able to get the $75.00 payment window open. Have sent Sonia at Telecom a scathing email, wanting more money out of their pre pay customers. Don't have a dig camera for this quote. Community Watch, 2 members drive around their Community Zone as in City Council electoral area. Just like the Nightwatchmen of old. Report anything untoward to Police Comms. Glue sniffers 1 night set fire to bush, which we reported in time and a stolen car with louts doing donuts on a building site, we of course keep our distance. 3 nights a month for 3 hours. South Auckland could use such a thing. This PC was a company excess and was a network job, the IBM 10/100 Ether and 16/4 Lan cards have been taken out. May have used the General previously. Time flies and all of the data on that machine I have deleted, so can't tell. May have to use both machines again, as I am doing another transcribing work on Census takes in North Wiltshire, England, currently the 1871 and the first CD details have been sent away some 5,000 names for the little town of Corsham. Irfanview software has been great to read the census forms from 17" screen to a 14" excel spreadsheet. Meals on Wheels is another Community service which I enjoy once a week. But computers is another story. None of those pretty Yellow exclamation marks besides any of the Modem Drivers. Thanks for your time Speedy. Lurking. |
Lurking (218) | ||
| 451940 | 2006-05-07 04:44:00 | To take a snapshot press the prt scr key on the keyboard, paste it in Irfanview. Is this the Irfanview u have?? The free gfx program? And save as jpg/jpeg, then post to the site, in the previous post. No cam needed. Did you figure out which modem to delete?? |
Speedy Gonzales (78) | ||
| 451941 | 2006-05-08 06:04:00 | Speedy, thanks again, you have taught me something else, the only thing there is no JPG/JPEG in the drop down files. Yes the Irfanview is the free vers. perhaps that's why. Found the Popup Blocker there were two taskbars Google/Yahoo and blocker was ticked in there. It's 5pm and us oldies have to be off at 5pm. Will come back on the Modems. Lurking. |
Lurking (218) | ||
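
The triage done by hand in post 451933 (pick out the entries HijackThis marks "(file missing)" and look over the O4 startup items), as an added Python example that is not part of the thread. The sample lines are copied from the log posted above; the function names and the returned field names are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread (trimmed to a few entries).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AUTORUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_entries(text):
    """Return one dict per 'Xn - ...' entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        clsid = CLSID.search(m["body"])
        entries.append(dict(code=m["code"], body=m["body"],
                            clsid=clsid.group(0) if clsid else None,
                            missing=m["body"].endswith("(file missing)")))
    return entries

def orphaned(entries):
    """Registrations whose target file HijackThis could not find on disk."""
    return [e for e in entries if e["missing"]]

def autoruns(entries):
    """(hive, key, value name, command) for each O4 registry startup entry."""
    found = []
    for e in entries:
        m = AUTORUN.match(e["body"]) if e["code"] == "O4" else None
        if m:
            found.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return found

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for e in orphaned(entries):
        print("orphaned:", e["code"], e["clsid"])
    for hive, key, name, cmd in autoruns(entries):
        print("autorun:", hive, key, name, "->", cmd)
```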