Jump to content


Photo

"Out of memory" errors and software crashes


  • This topic is locked This topic is locked
5 replies to this topic

#1 dburkhead

dburkhead

    Member

  • Full Member
  • Pip
  • 94 posts

Posted 07 July 2009 - 09:17 AM

I was chugging along nicely yesterday, working on some software in VB 6.0 (the programming environment we use here) when suddenly my computer started acting "flaky." I had email running in the background (OE--what I have at work, I use Thunderbird at home), and I had checked email from time to time and cleaned out the "spam folder" a short time before.

Series of symptoms:

The computer is a Windows 2000 system, P4 Celeron type, with 2.5 GB of memory. The security is supposed to be McAfee, provided by ATT (our DSL provider).

- "Out of Memory" error when trying to copy a couple of short lines of code in a VB6.0 project. This was my initial indicator of a problem.
- Internet Explorer (I do not use it for browsing--I use Firefox) trying to open but crashing and generating a dialog to send an error report.
(At this point thought maybe just had corrupted settings so restart the computer.)
- On reboot a Hex editor (For files) program that we have opens with the contents of a file called "net.net" (Immediately begin thinking virus/worm/trojan.)
- Note that the McAfee icon is missing from the system tray.
- Try to start McAfee from the Start menu. Doesn't start.
(Getting big "uh oh" here. Go to another computer and do a search on McAfee's website for "net.net" (it's popping up in the hex editor without
any prompting from me made it a suspicious file.) It comes up as a potential trojan, so I try to use McAfee from this other computer to scan the file on the one having the problems.
- Comes up as infected with the "Adclicker.c" trojan, which matches what I found on McAfee's site for that.
McAfee had quarantined the file, so try rebooting the troublesome computer again.
- The hex editor does not come up, but....
- IE still tries to start and still crashes.
- McAfee is not in the system tray and does not start from the start menu.
- OE (which starts automatically on boot) _does_ start OK and gets messages.
Okay, so I figure to try an online virus scan from McAfee or Symantec (possibly run quicker than the remote scan from the other computer and I'm uncertain whether the remote scan will get the MBR). Attempt to use FireFox to go to the McAfee website.
- Firefox crashes when I attempt to start it.
- When I attempt to write a message in OE, I get a "not enough memory" error.
- And, IE keeps trying to start and keeps crashing.
Attempted to use McAfee on the other computer to scan the C drive on the faulty computer. That was slow so I let it run overnight.
- Only about half done when I came in. Had found 5 items and quarantined 3.

Other things I have found:
- "Search" doesn't work on the faulty computer.
- "Add/Remove Programs" won't fully open. Get the window but nothing in it.
- In some cases when IE is trying to open (on its own), instead of the
"ordinary" crash, I get a "memory could not be read" error.
- In the task manager, I see some McAfee processes running even though I cannot open the security center.

HiJack This log:
Logfile of HijackThis v1.99.1
Scan saved at 9:44:13 AM, on 7/7/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINNT\system32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\sopidkc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\DrvMon.exe
C:\WINNT\system32\internat.exe
C:\DOCUME~1\user\LOCALS~1\Temp\b.exe
C:\Program Files\Sony Handheld\Hotsync.exe
D:\Program Files\Keyboard Express 3\keyexp.exe
C:\Program Files\POPFile\wperl.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\downloads\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asmicro.c...sonal_notes.htm
O1 - Hosts: 66.220.2.7 cs # quick shortcut to cold servings
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Implements Jammer - {09F0F280-FB9A-481B-B69A-CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - D:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINNT\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\user\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\DEFAUL~1\protect.dll,_IWMPEvents@16
O4 - Startup: BounceBack Launcher.lnk = C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = C:\WINNT\system32\rundll32.exe
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Keyboard Express 3.lnk = D:\Program Files\Keyboard Express 3\keyexp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run POPFile in background.lnk = C:\Program Files\POPFile\wperl.exe
O4 - Global Startup: Shortcut to announce.lnk = C:\docs\announce.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124723857703
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca06.cus...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...805/mcfscan.cab
O20 - AppInit_DLLs: ,C:\DOCUME~1\user\LOCALS~1\Temp\611041703640mxx.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BBWatcherService - CMS Products™, Inc. - C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINNT\system32\sopidkc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2 dburkhead

dburkhead

    Member

  • Full Member
  • Pip
  • 94 posts

Posted 08 July 2009 - 08:35 AM

On a suggestion I got from another venue, I'm taking the hard drive out of the computer and putting it into another as a secondary (non-boot) drive so I can run various anti-virus and anti-malware software on it. The original suggestion was to use a USB enclosure to connect it but I don't have a USB enclosure to hand but I do have a test-bed computer I can work on, one with a fresh complete drive image so I can always get back to my starting configuration.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,095 posts

Posted 09 July 2009 - 10:50 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINNT\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\user\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\DEFAUL~1\protect.dll,_IWMPEvents@16
O4 - Startup: ChkDisk.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O20 - AppInit_DLLs: ,C:\DOCUME~1\user\LOCALS~1\Temp\611041703640mxx.dll
O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINNT\system32\sopidkc.exe


Click on Fix Checked when finished and exit HijackThis.

Delete these files in bold.

C:\WINNT\system32\autochk.dll
C:\WINNT\system32\ChkDisk.dll
C:\DOCUME~1\user\LOCALS~1\Temp\b.exe
C:\DOCUME~1\DEFAUL~1\protect.dll
C:\DOCUME~1\user\LOCALS~1\Temp\611041703640mxx.dll
C:\WINNT\system32\sopidkc.exe

Please run Notepad and copy the following text into a new file:

sc config sopidkc start= disabled
sc stop sopidkc
sc delete sopidkc


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal.
If any errors errors encountered please post.
When done you can delete the remove.bat file.

Restart the computer normally.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingc...to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


p.s. before you submit the logs please download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Delete the older version once you have successfully downloaded and installed the latest version.

Submit the logs.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 dburkhead

dburkhead

    Member

  • Full Member
  • Pip
  • 94 posts

Posted 09 July 2009 - 04:51 PM

Thanks,

Since this is a mission critical computer, I've been following a somewhat different path.

Here's what I've done:

Put a new (actually factory refubished) HD into a test-bed computer and "restored" a disk image to it from this past February (recent enough as far as software is concerned--data has been backed up as soon as we started having trouble, using remote access from another computer since file copy-move in Windows Explorer was one of the things broken. The the new drive into the computer and restarted.

When the computer started up, everything ran fine, then I closed up the case and it died shortly after startup (locked solid). Opened up the case again and it ran fine.

Looks like heat at this point.

If that's not sufficient to explain my original problems I can put the old drive into the test bed as a secondary drive and run whatever tests are appropriate on it.

At the moment, my HJT log for the "fixed" system is:

Logfile of HijackThis v1.99.1
Scan saved at 5:51:44 PM, on 7/9/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINNT\system32\mgabg.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\WINNT\system32\DrvMon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Sony Handheld\Hotsync.exe
D:\Program Files\Keyboard Express 3\keyexp.exe
C:\Program Files\POPFile\wperl.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wuauclt.exe
C:\Znobackup\David\randomSIG.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\downloads\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asmicro.c...sonal_notes.htm
O1 - Hosts: 66.220.2.7 cs # quick shortcut to cold servings
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Implements Jammer - {09F0F280-FB9A-481B-B69A-CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - D:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINNT\system32\DrvMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Sony Handheld\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Keyboard Express 3.lnk = D:\Program Files\Keyboard Express 3\keyexp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run POPFile in background.lnk = C:\Program Files\POPFile\wperl.exe
O4 - Global Startup: Shortcut to announce.lnk = C:\docs\announce.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124723857703
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca06.cus...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...805/mcfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0205481247156910) (0205481247156910mcinstcleanup) - McAfee, Inc. - C:\WINNT\TEMP\020548~1.EXE
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,095 posts

Posted 10 July 2009 - 07:58 AM

The log is clean.

Please consider updating your Windows 2000 to SP4.

http://support.microsoft.com/kb/260910

===
For your information.
Microsoft Support Lifecycle
http://support.micro...ecycle/?p1=3071
===

Your computer may be at risk with an old version of Java. Check it out.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u14.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
    • J2SE Runtime Environment 6.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,095 posts

Posted 24 July 2009 - 08:44 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button