Matt The Pirate: Programs Hanging Up



Matt The Pirate
2006-09-16, 19:16
Ahoy,

I worked with Steamwiz a few weeks back getting rid of some adware and malicious viruses that I got injected with. We were able to get rid of all my pop-ups and get my HiJack this back to normal. We were still having a little trouble off and on with programs hanging up when I try to open them. We closed my ticket since it made sense but at this time I've decided my hang up problem is serious enough to ask for help.

PROBLEM: I'm getting hung up about 25% of the time when I go to open a program by double clicking Icons on my desktop. Doesn't really matter if it is IE, Hijack This or Limeware. It still hangs up about 25-40 of the time. Sometimes if you leave it alone for about 5 minutes it will eventually open the program. I don't know if my security is too high, or maybe my virus issue ate away some of my essential program files? If anyone is available to work with me on this issue I would greatly appreciate the assistance.

Matt The Pirate (Power Metal Connoisseur)

Matt The Pirate
2006-09-16, 19:19
Logfile of HijackThis v1.99.1
Scan saved at 10:17:56 AM, on 9/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:80
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O9 - Extra button: Captain Cooks Poker - {3545A8F5-EE6B-4c4a-AD88-9C437639A73D} - C:\Program Files\captaincooksMPP\MPPoker.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157227340828
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/355/webolr/OCX/FlashAX.cab
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

pskelley
2006-09-18, 12:50
I'll see if I can help, but first read this: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088059
While I do not suggest p2p file sharing because much of it is illegal, here is a link to where you can find safe file sharing programs:
http://kppfree.altervista.org/spylist.html
http://www.spywareinfo.com/articles/p2p/ << make sure you look at the LimeWire version.

C:\Program Files\Java\jre1.5.0_01 <<< Java is very outdated and will get you infected. See this information: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Check the scheduler, it is running and not updating. Has a history of being buggy, if it doesn't work, turn it off to save your resources and update manually.

It is also a good possibility that you have a driver that needs an update, it only takes one to hang a computer when the program is loading:
http://www.cyberwalker.net/columns/aug00/310800.html
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=update+drivers

You have a DPF here that is restricted, and one that is questionable in my book:
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...7/dlhelper.cab
microgaming.com X {AED98630-0251-4E83-917D-43A23D66D507} IESPYADS Restricted Site

My suggestion, besides updating all drivers, is that you do this:

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(first two Google items are damaged, remove them and if you use them, download them again when we are finished)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O9 - Extra button: Captain Cooks Poker - {3545A8F5-EE6B-4c4a-AD88-9C437639A73D} - C:\Program Files\captaincooksMPP\MPPoker.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhel...7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/35...CX/FlashAX.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

You have ewido onboard, update it and run a complete system scan removing anything it finds unless you know it is not bad. Then restart the computer and post a new HJT log, the ewido scan report and let us know if that took care of your problem.

Thanks

Matt The Pirate
2006-09-19, 08:24
Here is the EWIDO report. Looks like not much found:


+ Created at: 11:23:03 PM 9/18/2006

+ Scan result:



C:\Documents and Settings\The Hot Mobile\Cookies\the hot mobile@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\The Hot Mobile\Cookies\the hot mobile@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.


::Report end

Matt The Pirate
2006-09-19, 08:30
Here is my new HiJackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 11:28:54 PM, on 9/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:80
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157227340828
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
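
The before/after comparison this thread relies on can be done mechanically. The following is an added example, not part of the original posts and not HijackThis's own code: it parses entry lines excerpted from the two logs above, flags "(file missing)" items, and lists what disappeared between scans. The function names are hypothetical, and the section-code pattern is an assumption based on the lines shown here.

```python
import re

# Entry lines look like "O2 - BHO: name - {CLSID} - path"; the code before " - " is the section.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")  # assumed pattern
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts from the 9/16 and 9/18 logs in this thread.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O9 - Extra button: Captain Cooks Poker - {3545A8F5-EE6B-4c4a-AD88-9C437639A73D} - C:\Program Files\captaincooksMPP\MPPoker.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157227340828
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/355/webolr/OCX/FlashAX.cab
"""
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157227340828
"""

def parse_log(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith("(file missing)"),
        })
    return entries

def entry_key(e):
    # A CLSID identifies the entry when present; otherwise fall back to the full text.
    return (e["section"], e["clsid"] or e["body"])

def removed_between(before, after):
    """Entries present in the earlier scan but absent from the later one."""
    after_keys = {entry_key(e) for e in after}
    return [e for e in before if entry_key(e) not in after_keys]

if __name__ == "__main__":
    for e in removed_between(parse_log(BEFORE), parse_log(AFTER)):
        print(e["section"], e["body"])
```

Besides the five items checked for "Fix Checked", the diff also shows the `SunJavaUpdateSched` Run entry gone, which matches the Java uninstall described later in the thread.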

Matt The Pirate
2006-09-19, 08:34
PSKelly,

I think I did everything you mentioned. For the DRIVERS info I really did not update anything. I read through some of the info you posted and one of the links eventually took me to the WINDOWS AUTO UPDATES homepage. I believe I already ran these updates and set myself up for auto updates on this page when I was working with Steamwiz. I don't know if that means my drivers are updated???

One thing I wanted to mention. When my computer loads and I go into my user. It seems to load and my Pop-up Stopper screen loads but then it waits about 5 seconds and then the pointer does the hourglass again like it loads something after that delay.

I will test more now and post if the problem seems to still be present.

Matt The Pirate

Matt The Pirate
2006-09-19, 08:42
Yes, problem is still present. Randomly locks up when loading a program such as IE or HijackThis. When it hangs up I cannot even log out of my user or reset the computer at the start menu. I have to manually re-boot the CPU.

Also, I forgot to mention. As far as Java, I was able to remove the Java programs I currently had using add/remove programs. This seemed to work and they uninstalled. As for adding the new Java Update 8, I attempted to load the version for WINDOWS and ONLINE. I'm not sure this worked. I don't see any Java in my add/remove programs.


M the P

pskelley
2006-09-19, 14:25
Thanks for the feedback, I need to make you aware that I am here to remove malware. I may be able to point you in the direction of help for other issues, but it is not what I do. Having said that, let me look at the HJT log and I will try to comment on your questions and observations.

I have been wondering since I first looked at this log if you have removed stuff or placed stuff on the HJT white list? The log looks very small? Could you have stuff turned off in MSConfig and it now be showing in the HJT log?
The HJT log appears to be clean of malware at this time.

Understand this is not my area of expertise, though I can tell you if a program has an outdated driver it can cause it to "Hang" when it is loading:
The information I posted in the first link describes how to check for outdated drivers, you need to review it again. There are also programs that will do this for you but I do not use them and you will need to use Google to locate them.

"One thing I wanted to mention. When my computer loads and I go into my user. It seems to load and my Pop-up Stopper screen loads but then it waits about 5 seconds and then the pointer does the hourglass again like it loads something after that delay."

Try uninstalling the program to see if that stops the problem. Here is another free popup blocker: http://toolbar.google.com/T4/index_xp.html
I suggest the basic toolbar/popup blocker if you try that one, the rest they want you to download is eye candy and resource wasters.

Test your Java installation here:
http://www.java.com/en/download/installed.jsp

Sounds to me like you have computer problems beyond malware, here are two good free forums where you can get help:
http://forums.tomcoyote.org/index.php?showforum=83
http://www.bleepingcomputer.com/forums/forum56.html

Thanks

Matt The Pirate
2006-09-21, 10:11
Thanks for all the advice. It looks like my computer is working good now. Turns out my mouse was going bad. Not sure if it was from downloading a new Java or replacing the mouse but things seem to be fixed. If I have further trouble with the hang ups I will visit one of the free sites you listed.

Rock On'
Matt The Pirate

pskelley
2006-09-21, 11:04
Glad to hear that. You would have been able to get updated drivers for the mouse at the website of the manufacturer. They are reasonably priced and it is probably a good thing to replace them when they act up.
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Safe surfing... tashi :) will close the topic in a day or so.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

tashi
2006-09-25, 20:54
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Cheers. :)