Thread ID: 65521 2006-01-21 03:20:00 Modem or Mobo probs? J ZEP (336) Press F1
Post ID Timestamp Content User
423138 2006-01-22 04:05:00 Thank you all so much for the replies - where I am at now: I decided to try "ewido", I had a copy on my flash drive anyway, I ran it before updating it - and it was starting to look promising as it picked up just "one" thing, so I fixed it - however further research showed it turned out to be a common false positive given from the 'ms antispyware program'. I am just finishing up a second scan with it now with the update on - o.k. that is finished and nothing in that scan...
I am just about to do a hijack this scan now ewido has finished too.

In answer to the questions:

drcspy - This was happening before the ram upgrade.

Graham - yes, once I connect to the net, after it comes right I can check email, browse etc... no probs. I wonder if you are on the right track with it looking for a network or the like, I just feel the activity is looking trying to do something, which is using the resources, but there is no sign of it. No, it has apparently been a home pc since new, but who knows what settings etc... have been changed? Any ideas where I could check for the network kind of settings that may affect that?

Thanks so much to you all, I am getting a bit frustrated, so hopefully the hijack this log will show something - I am not sure whether to run it before I connect to the net or wait until it's usable then run it. Anyway I will see what hijack this brings up!
J ZEP (336)
423139 2006-01-22 05:34:00 Hi again, o.k. here's the hijack this log - hopefully some nice person may be able to spot something in there, I can't see anything that looks too bad, however I have spotted a couple of things I am not quite sure what they are.

It's showing the i.e google toolbar files etc...

So would appreciate any help looking at the hijack this log please :) - hopefully something will stand out for one of you guys!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\sllights.exe
C:\Documents and Settings\andrew\My Documents\Hijack This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.nz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = start.mozilla.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{97CF4A80-B899-466E-BE03-367D5098FD96}: NameServer = 202.27.158.40 202.27.184.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks
J ZEP (336)
423140 2006-01-22 22:54:00 Still no takers for the HJT log :help:
I guess this must mean I haven't missed anything too sinister in it perhaps? I would still appreciate anybody in the know with HJT taking a look through please, just to be sure ;).

I am starting to resign myself to the fact it may be hardware again...

I noticed on cold boot this morning it seemed o.k. This is obviously exactly why I didn't pick up on the problem initially... The day I was giving it back I had connected no probs too, so it appears kind of intermittent to say the least. Sometimes it's o.k. on cold boot, sometimes not? I really don't know what to try next to be honest :( .

:help:
J ZEP (336)
423141 2006-01-22 23:06:00 The log looks fine to me.

Run HJT again. You can tick this entry, and tick fix checked.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Speedy Gonzales (78)
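The check described in the reply above (finding entries marked "(file missing)") can be done mechanically on a HijackThis log. The following is an added example, not part of the original thread or of HijackThis itself; it goes slightly beyond the reply by also counting entries per section code and listing O23 services whose company field is blank so they can be looked up by hand. The function names `parse_entries` and `triage` are hypothetical, and the sample is a handful of lines taken from the log posted above.

```python
import re
from collections import Counter

# Sample input: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.nz
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <company> - <path>"; the company may be empty,
# in which case the log shows "- -" with a single space between the dashes.
SERVICE_RE = re.compile(r"^Service: (.+?) - (.*?)- (.+)$")


def parse_entries(text):
    """Return (code, body) pairs for each entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Summarise a log: per-section counts, dangling entries, unnamed services."""
    entries = parse_entries(text)
    report = {
        "counts": Counter(code for code, _ in entries),
        "file_missing": [],   # registry entry points at a file that is gone
        "no_company": [],     # O23 services with a blank company field
    }
    for code, body in entries:
        if body.rstrip().endswith("(file missing)"):
            report["file_missing"].append((code, body))
        if code == "O23":
            m = SERVICE_RE.match(body)
            if m and not m.group(2).strip():
                report["no_company"].append(m.group(1))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A blank company field is only a prompt to identify the binary, not a verdict on it.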
423142 2006-01-23 02:20:00 How about doing a Ctrl/Alt/Del and looking at what's running during the "extra busy" time? Graham L (2)
423143 2006-01-23 08:37:00 Yes Ctrl/Alt/Del was one of my first thoughts, however it's unusable when this is occurring, lol like everything else, just doesn't respond. I have this weird feeling it may be some/one of the xp services that needs to be disabled, that's all I can think of now... the thing is Zone Alarm opens fine when this happens, and it doesn't show anything active so to speak... wouldn't the services that xp used by default still show up, they would have shown up in the HJT log too I would imagine? Anyway I am going to look into info on the services side of things, see if anything like that is causing it, but I am sure I would see that :).

Thanks :)
J ZEP (336)