Can someone please look at this log?



stephan08611
17-04-2006, 11:10 AM
My system is taking forever to load and the cursor is intermittent at best. This takes place until McAfee Auto-update does its thing and lasts maybe a minute after the last update. Uninstalled McAfee and re-installed it, same thing. Ran Ad-aware, found 5 entries. Panda and McAfee scans found nothing. Tried scandisk and defrag to no avail. I can't remember it happening after any certain download, it just started to take forever to load. Running Windows ME on HP Pavilion. If anyone does take the time to look at this, be advised you're dealing with a cyber-idiot so please be as novice-friendly as you can. Thanx.

Logfile of HijackThis v1.99.1


Scan saved at 6:51:00 PM, on 4/16/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
c:\windows\system\kb891711\kb891711.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ARES LITE EDITION\ARES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\E01GTSPP\STARTUPLIST[1]\STARTUPLIST.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PIRDPAKI\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=yahoo_v.1_ie&bm=yh_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [system] C:\PROGRAM FILES\JAMMER\jammer.exe -startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [keyboard manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [kb891711] c:\windows\system\kb891711\kb891711.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab
O16 - DPF: {6C636F50-7EB2-11D2-883C-CA8C113EA37E} (McAfee Clinic QuickClean Class) - http://download.mcafee.com/molbin/Clinic/Clean/QuickClean/MGqcctl.cab
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {C97AF44D-92C4-11D3-A53B-005004678019} (McAfee Clinic Cleaner Control Class) - http://download.mcafee.com/molbin/Clinic/clean/clncore/clnctrl.cab
O16 - DPF: {41453CC4-288E-11D3-A53B-005004678019} (McAfee AppClean Appclean Class) - http://download.mcafee.com/molbin/Clinic/clean/appclean/appclean.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32.cab
O16 - DPF: {6A142B30-8662-11D3-9E34-00C04F57F6BB} (McAfee PC Clinic Backup Restore Class) - http://download.mcafee.com/molbin/Clinic/clean/restore/restore.cab
O16 - DPF: {F0A283CD-D316-11D3-A53B-005004678019} (McAfee PC Clinic FileWipe Class) - http://download.mcafee.com/molbin/Clinic/security/filewipe/filewipe.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2144d8777425b9692604/netzip/RdxIE601.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/verizonyahoo/TrueInstallVerizonYahoo.exe
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab

tweak'e
17-04-2006, 12:11 PM
c:\windows\system\kb891711\kb891711.exe

disable this from startup. it tends to cause slowdowns.

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PIRDPAKI\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\E01GTSPP\STARTUPLIST[1]\STARTUPLIST.EXE
not a good idea to run things from temp internet files. save it to a better location before running.

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\

not sure if you're running mcafee firewall or not, i hope this is blocked from accessing the net.

Speedy Gonzales
17-04-2006, 12:17 PM
This entry looks suss

C:\WINDOWS\RUNDLL32.EXE - This should be in the System32 folder, not the windows folder.

C:\WINDOWS\RUNDLL32.EXE

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/verizonya...erizonYahoo.exe

This entry is also a bit suss

C:\WINDOWS\SYSTEM\KERNEL32.DLL - This by the looks of it, should be in the system32 folder as well. Not the system folder.

What's this belong to??

O4 - HKLM\..\Run: [system] C:\PROGRAM FILES\JAMMER\jammer.exe -startup

Pancake
17-04-2006, 01:27 PM
These are the normal positions for the file. Yours is fine as you have ME.

Win 98 and ME
C:\WINDOWS\RUNDLL32.EXE and rundll.exe

Win 2000 and XP
C:\WINDOWS\system32\RUNDLL32.EXE


This one can be taken out of the log.
O4 - HKLM\..\Run: [system] C:\PROGRAM FILES\JAMMER\jammer.exe -startup

and these....

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
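
An added example, not part of the thread or of HijackThis itself: a short Python triage of a log in this format that applies the two checks raised in the replies above, flagging processes run from Temporary Internet Files and comparing the rundll32.exe folder with the one expected for the reported platform. The sample log is constructed from a few lines of the original post; the `triage` function, its note labels, and the rule that any non-Win9x platform is treated as NT-family installed in C:\WINDOWS are assumptions.

```python
import re

# Constructed sample: a few lines in the shape of the HijackThis log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PIRDPAKI\HIJACKTHIS[1]\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [system] C:\PROGRAM FILES\JAMMER\jammer.exe -startup
O4 - HKLM\..\RunServices: [kb891711] c:\windows\system\kb891711\kb891711.exe
"""

# Expected rundll32.exe folder per OS family, as stated in the reply above.
# Assumption: Windows is installed in C:\WINDOWS.
RUNDLL32_DIR = {"win9x": r"c:\windows", "nt": r"c:\windows\system32"}


def triage(log_text):
    """Return (os_family, notes, autoruns) for a HijackThis-style log."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    platform = next((ln for ln in lines if ln.lower().startswith("platform:")), "")
    # Assumption: anything not reported as Win9x is treated as NT family.
    family = "win9x" if "win9x" in platform.lower() else "nt"
    notes, autoruns, in_procs = [], [], False
    for line in lines:
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs and not line:
            in_procs = False  # a blank line ends the process list
        if in_procs:
            folder, _, name = line.lower().rpartition("\\")
            if "temporary internet files" in folder:
                notes.append(("run-from-ie-cache", line))
            if name == "rundll32.exe" and folder != RUNDLL32_DIR[family]:
                notes.append(("rundll32-unexpected-dir", line))
        m = re.match(r"O4 - (\S+): \[(.*?)\] (.*)", line)
        if m:
            autoruns.append(m.groups())  # (registry key, value name, command)
    return family, notes, autoruns


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The autorun list is returned for manual review only; the function does not judge whether an O4 entry is wanted.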

tweak'e
17-04-2006, 01:43 PM
after a bit of a google....jammer looks to be the early ver of outpost firewall. probably best to uninstall it and use something better.

stephan08611
19-04-2006, 02:50 PM
The Jammer entry is a desktop lockup application from Homer P. Lee, not a firewall. I'm starting to suspect the McAfee AV starting when I boot up. I disabled it and it booted up a tad faster. I do think the Jammer is a semi-culprit but I lost the disk I downloaded it from and until I can find something suitable I have to keep it. If you know of any lock-up downloads please let me know. Thanks for all your help, all of you.

stephan08611
20-04-2006, 02:55 PM
Jammer is my desktop lock-up application, password protected. It seems the McAfee auto-update run-at-start-up was the culprit. I enable my AV as soon as I boot up and everything's working fine.