| Thread ID: 68088 | 2006-04-17 00:10:00 | Can someone please look at this log? | stephan08611 (10225) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 446831 | 2006-04-17 00:10:00 | My system is taking forever to load and the cursor is intermittent at best. This takes place until McAfee Auto-update does its thing and lasts maybe a minute after the last update. Uninstalled McAfee and re-installed it, same thing. Ran Ad-aware, found 5 entries. Panda and McAfee scans found nothing. Tried scandisk and defrag to no avail. I can't remember it happening after any certain download, it just started to take forever to load. Running Windows ME on HP Pavilion. If anyone does take the time to look at this, be advised you're dealing with a cyber-idiot so please be as novice-friendly as you can. Thanx.
Logfile of HijackThis v1.99.1
Scan saved at 6:51:00 PM, on 4/16/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
c:\windows\system\kb891711\kb891711.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ARES LITE EDITION\ARES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\E01GTSPP\STARTUPLIST[1]\STARTUPLIST.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PIRDPAKI\HIJACKTHIS[1]\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = wapp.verizon.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [system] C:\PROGRAM FILES\JAMMER\jammer.exe -startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [keyboard manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [kb891711] c:\windows\system\kb891711\kb891711.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - download.mcafee.com
O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - download.mcafee.com
O16 - DPF: {6C636F50-7EB2-11D2-883C-CA8C113EA37E} (McAfee Clinic QuickClean Class) - download.mcafee.com
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - download.mcafee.com
O16 - DPF: {C97AF44D-92C4-11D3-A53B-005004678019} (McAfee Clinic Cleaner Control Class) - download.mcafee.com
O16 - DPF: {41453CC4-288E-11D3-A53B-005004678019} (McAfee AppClean Appclean Class) - download.mcafee.com
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - download.mcafee.com
O16 - DPF: {6A142B30-8662-11D3-9E34-00C04F57F6BB} (McAfee PC Clinic Backup Restore Class) - download.mcafee.com
O16 - DPF: {F0A283CD-D316-11D3-A53B-005004678019} (McAfee PC Clinic FileWipe Class) - download.mcafee.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - software-dl.real.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - www.verizon.net
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - www.trueswitch.com
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - www.pcpitstop.com
O16 - DPF: Yahoo! Literati - download.games.yahoo.com |
stephan08611 (10225) | ||
| 446832 | 2006-04-17 01:11:00 | c:\windows\system\kb891711\kb891711.exe Disable this from startup. It tends to cause slowdowns. C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PIRDPAKI\HIJACKTHIS[1]\HIJACKTHIS.EXE C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\E01GTSPP\STARTUPLIST[1]\STARTUPLIST.EXE Not a good idea to run things from temp internet files. Save it to a better location before running. C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\ Not sure if you're running McAfee firewall or not, I hope this is blocked from accessing the net. |
tweak'e (69) | ||
| 446833 | 2006-04-17 01:17:00 | This entry looks suss: C:\WINDOWS\RUNDLL32.EXE - This should be in the System32 folder, not the windows folder. C:\WINDOWS\RUNDLL32.EXE O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - www.trueswitch.com This entry is also a bit suss: C:\WINDOWS\SYSTEM\KERNEL32.DLL - This, by the looks of it, should be in the system32 folder as well. Not the system folder. What's this belong to?? O4 - HKLM\..\Run: [system] C:\PROGRAM FILES\JAMMER\jammer.exe -startup |
Speedy Gonzales (78) | ||
| 446834 | 2006-04-17 02:27:00 | These are the normal positions for the file. Yours is fine as you have ME. Win 98 and ME: C:\WINDOWS\RUNDLL32.EXE and rundll.exe. Win 2000 and XP: C:\WINDOWS\system32\RUNDLL32.EXE. This one can be taken out of the log: O4 - HKLM\..\Run: [system] C:\PROGRAM FILES\JAMMER\jammer.exe -startup and these.... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com |
Pancake (6359) | ||
| 446835 | 2006-04-17 02:43:00 | After a bit of a google....Jammer looks to be the early ver of Outpost firewall. Probably best to uninstall it and use something better. | tweak'e (69) | ||
| 446836 | 2006-04-19 03:50:00 | The Jammer entry is a desktop lockup application from Homer P. Lee, not a firewall. I'm starting to suspect the McAfee AV starting when I boot up. I disabled it and it booted up a tad faster. I do think the Jammer is a semi-culprit but I lost the disk I downloaded it from and until I can find something suitable I have to keep it. If you know of any lock-up downloads please let me know. Thanks for all your help, all of you. | stephan08611 (10225) | ||
| 446837 | 2006-04-20 03:55:00 | Jammer is my desktop lock-up application, password protected. It seems the McAfee auto-update run-at-start-up was the culprit. I enable my AV as soon as I boot up and everything's working fine. | stephan08611 (10225) | ||
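Two checks the replies make by eye can be scripted: whether a running program was launched from Temporary Internet Files, and whether RUNDLL32.EXE sits where it normally does for the Windows version named in the Platform line. This is an added example, not part of the original thread; the function names and finding labels are hypothetical, and the XP log is a constructed sample.

```python
import re
from pathlib import PureWindowsPath

# Normal RUNDLL32.EXE location per Windows family, as given in the thread.
EXPECTED_RUNDLL32 = {
    "Win9x": PureWindowsPath(r"C:\WINDOWS\RUNDLL32.EXE"),           # 98 / ME
    "WinNT": PureWindowsPath(r"C:\WINDOWS\system32\RUNDLL32.EXE"),  # 2000 / XP
}

def parse_log(text):
    """Return (platform family, running-process paths) from a HijackThis log."""
    family, procs, in_procs = None, [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Platform:"):
            family = next((f for f in EXPECTED_RUNDLL32 if f in line), None)
        elif line == "Running processes:":
            in_procs = True
        elif not line or re.match(r"[A-Z]\d+ - ", line):
            in_procs = False  # blank line or first R/O entry ends the list
        elif in_procs:
            procs.append(line)
    return family, procs

def triage(text):
    """Flag processes run from the IE cache and RUNDLL32.EXE off its usual path."""
    family, procs = parse_log(text)
    expected, findings = EXPECTED_RUNDLL32.get(family), []
    for proc in procs:
        path = PureWindowsPath(proc)  # Windows paths compare case-insensitively
        if "temporary internet files" in (part.lower() for part in path.parts):
            findings.append(("run-from-ie-cache", proc))
        if path.name.lower() == "rundll32.exe" and expected and path != expected:
            findings.append(("rundll32-unexpected-path", proc))
    return findings

# Excerpt of the log posted in the thread.
ME_LOG = r"""Platform: Windows ME (Win9x 4.90.3000)
Running processes:
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PIRDPAKI\HIJACKTHIS[1]\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
"""
# Constructed sample (not from the thread): an XP-style log.
XP_LOG = r"""Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
"""
if __name__ == "__main__":
    print(triage(ME_LOG), triage(XP_LOG), sep="\n")
```

A finding is a prompt to look closer at that entry, not a verdict on it.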