Mayura
Trooper
Joined: Feb 06, 2004
Posts: 28
Location: Japan
Posted: Mon May 24, 2004 9:41 pm Post subject: System freezing?
Hello,
I've recently removed a variant called Look2me, which kept doing things such as redirecting my homepage and making my computer excessively slow.
However, after removal, my computer has been crashing a lot. About 10 min or more after switching it on, it freezes most of the time and forces me to reboot again and again. Is this some side effect of the variant?
Bulldog
Site Moderator
Joined: Nov 16, 2003
Posts: 4058
Location: Canada
Posted: Mon May 24, 2004 9:50 pm Post subject:
What method of removal did you use?
What operating system?
It may be best if we have a look at a HijackThis log please:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. Most of what
it lists will be harmless or even essential; don't fix anything yet.
_________________
Cheers |
Mayura
Trooper
Joined: Feb 06, 2004
Posts: 28
Location: Japan
Posted: Mon May 24, 2004 10:08 pm Post subject:
Thank you for your reply.
I removed it by a method that was taught to me here:
http://www.computercops.biz/postp183793.html
My OS is Windows XP and here is my Hijackthis log:
Logfile of HijackThis v1.97.7
Scan saved at 5:11:35 AM, on 25/05/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\WINDOWS\System32\cisvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\Drivers\WTSRV.EXE
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\WINDOWS\System32\Rundll32.exe
D:\WINDOWS\System32\WService.EXE
D:\Program Files\a2\a2guard.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
D:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\cidaemon.exe
D:\Program Files\BitTorrent\btdownloadgui.exe
D:\Documents and Settings\aya\My Documents\hijackthis\HijackThis.exe
F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] D:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [AxFilter] Rundll32.exe D:\WINDOWS\DOWNLO~1\AxFilter.dll,Rundll32
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [a²] "D:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Annotate All.LNK = D:\Program Files\WIZARDPEN 4X3\PreAnntt.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Short Message (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...w-intl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauth...herpro.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me...Client.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C....082337963
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c...pi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Bulldog
Site Moderator
Joined: Nov 16, 2003
Posts: 4058
Location: Canada
Posted: Mon May 24, 2004 11:04 pm Post subject:
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] D:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [AxFilter] Rundll32.exe D:\WINDOWS\DOWNLO~1\AxFilter.dll,Rundll32
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
Reboot.
Go to System Properties (right-click My Computer > Properties) > Advanced tab > under
Startup and Recovery click Settings > under System failure make sure "Write an event
to the system log" is checked AND that "Automatically restart" is UNchecked.
Click "OK" and reboot.
When you get your next BSOD, write down the entire STOP message.
You can post it here for help and/or check it at this resource.
http://aumha.org/win5/kbestop.htm
Go to Start > Control Panel > Performance and Maintenance > Administrative Tools >
Event Viewer.
Here you will see three "areas": Application, Security and System.
Check under System for errors that happen at a time that corresponds with your crash.
Check them here using the event ID #
http://eventid.net/
_________________
Cheers |
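Added example, not part of the thread and not HijackThis's own logic: a triage pass over O4 registry Run lines like those in the log posted above, listing entries whose command has no full path, is hosted by rundll32, or sits directly in the Windows directory. The three rules are assumptions chosen for illustration; they are review hints only, not the moderator's selection criteria, and they do not flag every entry selected above.

```python
import re
# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] D:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [AxFilter] Rundll32.exe D:\WINDOWS\DOWNLO~1\AxFilter.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Annotate All.LNK = D:\Program Files\WIZARDPEN 4X3\PreAnntt.exe
"""

# Registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
EXE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", re.I)

def split_command(cmd):
    """Split a Run value into (program, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1) if '"' in cmd[1:] else len(cmd)
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE.match(cmd)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")

def triage(line):
    """Return (hive, value name, reasons) for an O4 registry Run line, else None."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None  # Startup-folder shortcuts and other sections are skipped
    hive, _key, name, cmd = m.groups()
    program, args = split_command(cmd)
    reasons = []
    if "\\" not in program:
        reasons.append("no full path; Windows resolves it via the search order")
    if program.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
        reasons.append("rundll32 host; review the DLL it loads: " + args)
    # Assumption: the Windows directory is named WINDOWS on some drive letter.
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", program, re.I):
        reasons.append("program sits directly in the Windows directory")
    return hive, name, reasons

def review_list(log_text):
    """Map (hive, value name) -> reasons for every Run entry that has any."""
    hits = (triage(line) for line in log_text.splitlines())
    return {(h, n): r for h, n, r in filter(None, hits) if r}

if __name__ == "__main__":
    for (hive, name), reasons in review_list(SAMPLE_LOG).items():
        print(f"{hive} [{name}]: " + "; ".join(reasons))
```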
Mayura
Trooper
Joined: Feb 06, 2004
Posts: 28
Location: Japan
Posted: Mon May 24, 2004 11:17 pm Post subject:
Thank you very much for your time and help. The crashing seems to have stopped after having been given your steps. Your help was much appreciated!
Bulldog
Site Moderator
Joined: Nov 16, 2003
Posts: 4058
Location: Canada
Posted: Tue May 25, 2004 3:16 am Post subject:
Glad we were able to help
Have a read here:
So how did I get infected in the first place?
NOTE: This thread is now closed. Should you need it reopened, please PM a mod.
Everyone else having a similar issue, please launch a new topic for yourselves.
Thank You.
_________________
Cheers |