February 7th 05, 03:15 AM
MajBach1

Thanks again, Noel, for staying with me on this. I did start a post
yesterday to let you know what the latest was, but during my typing, the
mouse froze several times - and then unpaused (typing is buffered during
this time but NO HDD activity), but on the fourth time, the pause lasted 20
minutes before I realized I had to hit the reset (Ctrl-Alt-Del didn't
work). Of course, I wasn't in the mood to retype.
In a nutshell, there does seem to be a correlation between this symptom and
being connected to the net. I have observed that I can have absolutely no
throughput over the connection and still a pause can occur. I don't know if
I mentioned it, but my Ethernet card is from the dark ages. Although my
MxBoard has PCI, AGP and ISA slots, my modem, Ethernet and sound card are
ISA. Today, I uninstalled the Ethernet and connection software and
reinstalled them with USB drivers. I noticed a definite bandwidth loss and
the symptoms persisted.

I do want to figure this out but I think a reinstall is prudent
nevertheless. 'Been 2002 since I have had to do this so there's probably
loads of garbage. 'Couple of other quirky things I cannot figure out:
There is a desktop icon for WMP 9 series that reappears after I delete it on
every reboot.
Also, my Search function loads but when I enter a string it won't search. I
suspect that a recent upgrade to PowerDesk6 (disk utility) may have
something to do with this. Fortunately, its search function is almost
identical and still functions.
Keep the advice coming,
Randy

Logfile of HijackThis v1.97.2
Scan saved at 22:05:24, on 2/06/05
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\VCOM\POWERDESK\PDDLGHLP.EXE
C:\UTILITIES\TRAYMENU\TRAYMENU.EXE
C:\PHONE\POP PEEPER\POPPEEPER.EXE
C:\PROGRAM FILES\BELL\ACCESS MANAGER\APP\TANGOMANAGER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\UTILITIES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GDIEHELP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\PHONE\LINKMAN\LINKMANCOM.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [asustweakenable] C:\PROGRAM FILES\ASUS\TWEAKING UTILITIES\ATWEAK.EXE /start
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: reminder.Lnk = C:\Extras\Reminder\reminder.exe
O4 - Startup: Dialog Helper.Lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
O4 - Startup: TrayMenu.Lnk = C:\Utilities\traymenu\TrayMenu.exe
O4 - Startup: POP Peeper.Lnk = C:\Phone\POP Peeper\POPPeeper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download with GetRight - C:\Phone\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Phone\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Privacy Bar (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://intranet2.flemingc.on.ca/nps.../LocalExec.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26e309ea...p/RdxIE601.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab


"Noel Paton" wrote in message
...
MajBach posted the below privately

The saga of a CWS infection - AND a 180Solutions one! - immediately makes me
think that something is still infested.

I'd use HiJackThis to see what else it comes up with - either post the log
here, or to one of the specialist forums (they'd certainly be better if the
system is still badly infested, or has some of the more insidious CWS
cr$pware on it).

Look here for instructions

http://forum.aumha.org/viewtopic.php...a5284f8336c d