  #1  
Old 14-January-2010, 19:32
Unpeeled
Guest
 
Posts: n/a
Default Snow+kids+games+porn+videos= buggered laptop

Evening All,

You may have noticed a bit of snow around the place?

It kept the kids out of college long enough to notice that using my laptop in the living room was much easier than lugging theirs down a whole flight of stairs.

Now my machine crashes, hangs, takes an ice age to load most applications.

Have tried defragging, run Ad-Aware, Advanced System Care and CCleaner.

Nothing works.

Any idiot proof tips? (please note idiot proof means you are talking to a man who prefers to turn his chair upside down rather than learn how to photoshop)

Cheers,

Shane
@ Unpeeled
  #2  
Old 14-January-2010, 20:30
tommy t
Screamager
 
Join Date: Feb 2008
Posts: 729
Default Re: Snow+kids+games+porn+videos= buggered laptop

Firstly, do you have any anti-virus/spyware apps installed on this machine?
If so, are they set up correctly and running?
Without knowing what is causing the problems it is difficult to advise on the correct solution.
If you do have an AV product installed then run a scan (if you haven't already done so).
You could download a small app called HijackThis; when you run it, it will create a txt log file of all the running processes and add-ons installed in your web browsers and more. Once generated, you can post the log here and someone may well be able to tell you what the problem is, and identify the malware-associated processes if your PC is infected.
Or you could download a free AV/antispyware app, or a trial version, to see if that finds it.
You could even visit AV vendors' web sites; most have a free online scan, but how reliable these are I could not tell you.

You can download Trend Micro HijackThis from here: http://go.trendmicro.com/free-tools/...sInstaller.exe

Personally I use Internet Security from here: http://www.bitdefender.co.uk/ You can download the free 30-day trial; it is the full version with hourly updates. They also have an online scan.

Last edited by tommy t; 14-January-2010 at 20:36.
  #3  
Old 14-January-2010, 20:39
JohnnyReb51
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hiya.

Or.....

Go to the link below and download the Malwarebytes program and install it, let it update and run a scan. If it finds anything, zap it/them.

It is free for home use under the basic format, but buyable if you want the Pro version.

It also keeps a log of what it finds.

Free version download is on the left.

http://www.malwarebytes.org/mbam.php
__________________
JR51.
  #4  
Old 14-January-2010, 21:34
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

Thanks for the responses;

First up, I do have AVG (free) running a scan every day and it reports nowt.

I ran Ad-Aware and removed 80 odd things.

Advanced System Care isn't all that in the free version as it reports security issues that it will only address in the paid for version.

Sounds daft, but I feel that lots of stuff is running and dragging the system down (the little green light is always flashing away even when I've nothing open) and the Task Manager function is disabled for some reason, not that I know how to use it.

I do get a list of items from the Advanced System Care programme, it's bloody huge and The Scream says it contains 104 images (I can only see text) so here's the first batch:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

I haven't removed anything because I don't know vital from virus...

Cheers,

Shane
@ Unpeeled

Last edited by JohnnyReb51; 14-January-2010 at 21:57.
  #5  
Old 14-January-2010, 21:38
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

And the next batch...

C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BlueVoda Website Builder\BlueVoda.exe

Last one coming up.

Last edited by JohnnyReb51; 14-January-2010 at 21:57.
  #6  
Old 14-January-2010, 21:38
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

C:\WINDOWS\system32\svchost.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {45E20DC8-B3C1-43C9-8B05-4E9CFF8E65F2} - gxlx.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - file://C:\Program Files\Echo Electro\{49166432-F87B-49F3-AE97-CED77370825B}\localplayer\recording\yrecording.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_04) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.84.244.29:81/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

Last edited by JohnnyReb51; 14-January-2010 at 21:54.
  #7  
Old 14-January-2010, 21:39
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

That's everything that I've been able to find.

Sorry to be such a p in the a.

Cheers,

Shane
@ Unpeeled
  #8  
Old 14-January-2010, 21:53
JohnnyReb51
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hiya.

Is that log from Advanced System Care or HijackThis?

If it's from HJT, some of it is missing; we need the whole log, which we can then put into an analysing program.

Did you try the program I posted? It is free and does work well.

When you post a log with C : \ in it, they come out as smilies. When you reply, lower down the window is an option to Disable Smilies in Text; tick that box when posting logs.

I will edit the posts you have made that contain smilies.
__________________
JR51.
  #9  
Old 14-January-2010, 22:02
JohnnyReb51
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Forgot to say, you can post the logs all in one go, being broken up makes it harder to view.

You can run Task Manager by right-clicking on the taskbar at the bottom of your screen and selecting it from the context menu, or press CTRL+ALT+DEL at the same time; either should open the Task Manager.

If it will not open, then it usually means there is an infection running that stops you being able to stop that specific process.
__________________
JR51.
  #10  
Old 14-January-2010, 22:26
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hi,

That gang of gobbledy gook was from Advanced System Care.

I'll try and download the HJT thing and paste the report up.

All your help is appreciated.

Cheers,

Shane
@ Unpeeled
  #11  
Old 14-January-2010, 22:36
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

Righto,

Disabled the smiley things and this is the full report from HJT...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:31, on 14/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unpeeled.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vle1.homewood.kent.sch.uk/new/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INET1-5408:8080
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: MSN helper - {45E20DC8-B3C1-43C9-8B05-4E9CFF8E65F2} - gxlx.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://homewoodmail/intranet
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - file://C:\Program Files\Echo Electro\{49166432-F87B-49F3-AE97-CED77370825B}\localplayer\recording\yrecording.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.84.244.29:81/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk
O17 - HKLM\Software\..\Telephony: DomainName = homewood.kent.sch.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O21 - SSODL: WinApp - {C285CF22-115F-3252-41AC-F686D912C63D} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 11082 bytes

I've kept the HJT programme for the moment.

Cheers,

Shane
@ Unpeeled
  #12  
Old 14-January-2010, 23:16
jacktar
Screamager
 
Join Date: Aug 2005
Posts: 636
Default Re: Snow+kids+games+porn+videos= buggered laptop

I would delete these for a start, but that is just my opinion.

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: MSN helper - {45E20DC8-B3C1-43C9-8B05-4E9CFF8E65F2} - gxlx.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)

Might be better to wait on JohnnyReb, he's much better at this than me :lol
  #13  
Old 14-January-2010, 23:30
JohnnyReb51
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hiya.

There doesn't seem to be much wrong in that log; 99% are legit files, some others are missing files and a couple are unknown.

The first batch of 5 in bold below can definitely be fixed using HiJackThis.

O2 - BHO: MSN helper - {45E20DC8-B3C1-43C9-8B05-4E9CFF8E65F2} - gxlx.dll (file missing)

O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O20 - Winlogon Notify: crypt - crypts.dll (file missing)

O21 - SSODL: WinApp - {C285CF22-115F-3252-41AC-F686D912C63D} - (no file)

This second batch needs your input. Do you know the files/programs/game mentioned in them? If not, Fix them as well.

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - file://C:\Program Files\Echo Electro\{49166432-F87B-49F3-AE97-CED77370825B}\localplayer\recording\yrecording.cab << Echo Electro? Do you know this program?

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab << SproutLauncher? Do you know this game?

This third batch also needs your input. Do you know this school domain, maybe your kids' school/college? If it's legit, leave it in place; if you don't know it, Fix them.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk

O17 - HKLM\Software\..\Telephony: DomainName = homewood.kent.sch.uk

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk

Look carefully through the above list and run HiJackThis again, tick all the boxes next to the corresponding entries above when it has finished scanning and press the Fix button. If you know what the entries are in the second and third batches, then leave them unticked.

As to what is causing your problem at the moment, it isn't in that log from what I can see.

Run HiJackThis again and fix any entries required per the above list. Also run that Malwarebytes program afterwards to see if that picks anything else up.

I am going offline now, so will look in again tomorrow AM.
__________________
JR51.
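
The by-hand triage in the post above, sketched as an added example (not code from the thread or from HijackThis). The function names and the three rules are hypothetical; the sample lines are modelled on the log in this thread, with stray spaces of the kind forum software inserts into long paths, and the only assumed fact is that the stock UserInit value is `<windir>\system32\userinit.exe,`.

```python
import re

# Sample entries modelled on the log in this thread. The F2 line carries stray
# spaces of the kind forum software inserts into long strings.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unpeeled.net/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\ntos.exe,C:\WINDOWS\system32\sdra64.ex e,
O2 - BHO: MSN helper - {45E20DC8-B3C1-43C9-8B05-4E9CFF8E65F2} - gxlx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = homewood.kent.sch.uk
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O21 - SSODL: WinApp - {C285CF22-115F-3252-41AC-F686D912C63D} - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
USERINIT_RE = re.compile(r"UserInit\s*=\s*(?P<value>.*)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
DOMAIN_RE = re.compile(r"Domain(?:Name)?\s*=\s*(?P<domain>\S+)\s*$", re.IGNORECASE)


def parse_entries(text):
    """Return (code, body) for each entry line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def userinit_extras(body):
    """Programs listed in UserInit besides userinit.exe.

    Everything in this comma-separated value is started at logon, so any
    entry beyond the stock one deserves a look. All whitespace is removed
    from each path, because forum-inserted spaces cannot be told apart
    from real ones.
    """
    m = USERINIT_RE.search(body)
    if not m:
        return []
    extras = []
    for item in m.group("value").split(","):
        path = re.sub(r"\s+", "", item)
        # Assumption: the legitimate entry ends in \system32\userinit.exe.
        if path and not path.lower().endswith("\\system32\\userinit.exe"):
            extras.append(path)
    return extras


def triage(text):
    """Return (label, code, detail) findings in log order."""
    findings = []
    for code, body in parse_entries(text):
        if code == "F2":
            for path in userinit_extras(body):
                findings.append(("investigate", code, path))
        elif ORPHAN_RE.search(body):
            # Registry entry whose target file is gone: a leftover to clean up.
            findings.append(("orphan", code, body))
        elif code == "O17":
            m = DOMAIN_RE.search(body)
            if m:
                # A configured DNS domain the owner should recognise.
                findings.append(("confirm-domain", code, m.group("domain")))
    return findings


if __name__ == "__main__":
    for label, code, detail in triage(SAMPLE_LOG):
        print(f"{label:15} {code:4} {detail}")
```
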
  #14  
Old 14-January-2010, 23:40
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

Thank you, I'll get on those now.

Meanwhile... Task Manager claims to have been disabled by my administrator, don't know if that means anything?

See you tomorrow.

Cheers,
Shane
@ Unpeeled
  #15  
Old 14-January-2010, 23:59
jacktar
Screamager
 
Join Date: Aug 2005
Posts: 636
Default Re: Snow+kids+games+porn+videos= buggered laptop

Originally Posted by JohnnyReb51:
> Hiya.
>
> I am going offline now, so will look in again tomorrow AM.

Old JR needs his sleep then
  #16  
Old 15-January-2010, 10:32
JohnnyReb51
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Originally Posted by jacktar:
> Old JR needs his sleep then
__________________
JR51.
  #17  
Old 15-January-2010, 10:33
everton66
Screamager
 
Join Date: Aug 2003
Location: UK
Posts: 1,068
Default Re: Snow+kids+games+porn+videos= buggered laptop

If the kids caused the problems you might be able to take preventative measures using Microsoft Family Safety - it's free.
  #18  
Old 15-January-2010, 10:54
JohnnyReb51
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hiya.

It's most likely a virus has disabled Task Manager, unless it was done manually by someone.

See if this gets it back....

Go to Start > Run and type gpedit.msc into the text box, OK it.

In the window that opens, on the left, under the heading User Configuration, click on the + sign next to the Administrative Templates folder, then click on the + sign next to the System folder.

You should now see a folder called CTRL+ALT+DEL; click on that and then look in the right-hand window for an entry called Remove Task Manager.

If it says it's Enabled, double-click on that entry and it will open the properties page, put a DOT into the Not Configured setting, click Apply and OK out of gpedit.

Restart the PC for it to take effect.

Then try CTRL+ALT+DEL and/or right click on the taskbar and select it from there.
__________________
JR51.
  #19  
Old 15-January-2010, 19:03
bouncingjohn's Avatar
bouncingjohn bouncingjohn is offline
 
Join Date: May 2001
Location: UK
Posts: 1,478
Default Re: Snow+kids+games+porn+videos= buggered laptop

Good grief! In all the years I've been using Windows (must be 20+) I've never noticed you could get to Task Manager by right-clicking the taskbar. Who says you can't teach an old dog new tricks?
__________________
Sensible children!! I have no power over them!
  #20  
Old 15-January-2010, 19:39
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Here's another trick for the old dog.

CTRL+SHFT+ESC Hey presto Task Mangler.
__________________
JR51.
  #21  
Old 15-January-2010, 20:34
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hallo,

This is quite fun...

I deleted the entries spotted by Johnny Reb, no difference to performance, sorry.

I tried the gpedit route to re-activate Task Manager and got a 'hang' after clicking on the + sign next to the Administrative Templates folder.

I tried the control-alt-delete thing and get a window... the box called 'Task Manager' is pale, inactive, un-clickable.

Still grateful, still hopeful.

Cheers,

Shane
@ Unpeeled
  #22  
Old 15-January-2010, 21:20
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hiya.

The entries you deleted in HJT were just remnants left behind and some unknown entries, which needed addressing. I didn't think they would improve anything, lol.

Copy the whole line of text in the code window below. Sorry about the code window, the command is broken up when posted in a normal reply.

Then go to Start > Run and paste it into the text box, OK it.

Code:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Then try CTRL+ALT+DEL, or right click on the taskbar. You may need to restart the PC for it to take effect.

If that doesn't work, I have another fix in the way of a Registry file.
__________________
JR51.
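
The gpedit.msc steps in post #18 and the REG command in post #22 both act on one registry value, DisableTaskMgr. As an added example (not part of the original posts), this PowerShell script reports that value and can clear it; the machine-wide HKLM copy of the key and the function names are assumptions added here, and it assumes Windows PowerShell is installed on the laptop.

```powershell
# Added example: audit and clear the "Remove Task Manager" policy value.
# Run in the affected user's session; changing HKLM needs an elevated prompt.
$valueName = 'DisableTaskMgr'
$keys = @(
    # Per-user key, the one written by the REG command in the post
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    # Machine-wide copy of the same policy (assumption: not mentioned in the thread)
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-TaskMgrPolicy {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $state = 'NotConfigured'
        $data  = $null
        if (Test-Path -LiteralPath $p) {
            # Returns nothing (and no error) when the value is absent
            $item = Get-ItemProperty -LiteralPath $p -Name $valueName -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $data  = $item.$valueName
                $state = if ($data -eq 1) { 'Blocked' } else { 'Allowed' }
            }
        }
        New-Object PSObject -Property @{ Key = $p; Data = $data; State = $state }
    }
}

function Clear-TaskMgrPolicy {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (Test-Path -LiteralPath $p) {
            # Deleting the value leaves the policy unset, as "Not Configured" does in gpedit.msc
            Remove-ItemProperty -LiteralPath $p -Name $valueName -ErrorAction SilentlyContinue
        }
    }
}

# Report the current state of both keys
Get-TaskMgrPolicy -Path $keys | Format-Table Key, Data, State -AutoSize

# Clear-TaskMgrPolicy -Path $keys   # uncomment to apply the fix
# Get-TaskMgrPolicy -Path $keys     # then confirm both keys report NotConfigured
```

If the value reports Blocked again after a restart, something on the machine is still writing it, which points back to a malware scan rather than another registry edit.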
  #23  
Old 15-January-2010, 23:46
jacktar's Avatar
jacktar jacktar is offline
Screamager
 
Join Date: Aug 2005
Posts: 636
Default Re: Snow+kids+games+porn+videos= buggered laptop

C'mon JR it's past your bedtime
  #24  
Old 16-January-2010, 01:10
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Re: Snow+kids+games+porn+videos= buggered laptop

is it late

I didn't know you could right click on the taskbar, normally I type taskmgr into the run box, right clicking is probably quicker
  #25  
Old 16-January-2010, 10:15
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Quote:
Originally Posted by jacktar
C'mon JR it's past your bedtime

Erm! 8:20pm, not quite, I have at least another 2 hrs before I get the evil eye, heha.
__________________
JR51.
  #26  
Old 16-January-2010, 21:35
driedekker driedekker is offline
Screamer
 
Join Date: Feb 2008
Posts: 1
Default Re: Snow+kids+games+porn+videos= buggered laptop

Quote:
Originally Posted by JohnnyReb51
Erm! 8:20pm, not quite, I have at least another 2 hrs before I get the evil eye, heha.

Get rid of AVG, since they went to 8 it hogs the system. Install Avast instead, do this first, it's free to home users.
Next is to look in the Startup folder in Programs and stop what's in there.
Uninstall Google Toolbar also.
Then for simplicity do a search for TUT (The Ultimate Troubleshooter), get hold of it, it's worth the wonga.
All the Best
  #27  
Old 17-January-2010, 21:27
Unpeeled
Guest
 
Posts: n/a
Default Re: Snow+kids+games+porn+videos= buggered laptop

Evening All,

It's maybe all very easy for you guys, but you've saved me a whole heap of trouble, not to mention money.

System running much faster since following the genuinely idiot-proof instructions.

Alright, I haven't sorted the taskbar thing just yet, too busy catching up on work, but thank you all.

By the way, I ran a quick experiment; loaded porn, games, video and music. Ran the Malwarebytes after each, the only clean report was the porn site.

Cheers,

Shane
@ Unpeeled
  #28  
Old 17-January-2010, 21:44
JohnnyReb51's Avatar
JohnnyReb51 JohnnyReb51 is offline
Screamager
 
Join Date: Apr 2001
Location: UK.
Posts: 2,484
Default Re: Snow+kids+games+porn+videos= buggered laptop

Hiya.

That's good news.

If the Task Manager code I posted doesn't work, you know where we are, lol.
__________________
JR51.

All times are GMT +1.