|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
07-23-2006, 07:50 PM
|
#1 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Turn off computer twice
Tosh Laptop
XP Pro sp2 Celeron 2.8ghz 704mb RAM Having ran adaware, S&D, ewido a few others too, and had a look at the HJT log, I still find I've got trouble switching off the PC, infact I have to press the "turn off computer" button two times. After the first go at switching off, I lose a few items in the task bar and I can't expand it to see what's there. I can still use all programs and go online too. I can use the PC for an unlimited time before deciding to switch off completely. I've also had a "systemerrorshield" pop up, but the PC doesn't have virtumundo or winfixer or anything like that. It's only an IE window with an address for systemerrorshield in the title bar and only one line in the main window showing the same address. A harmless pop up, but annoying as it can pop up at any time (only 1 time during each session though). Any help is much appreciated. cheers Alex |
|
|
|
07-23-2006, 08:02 PM
|
#2 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
What have you got running in "MSCONFIG" "Start Up" ?
Can you post the log from your HJT scan here?
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta. Last edited by rjfvillarosa; 07-23-2006 at 08:20 PM. |
|
|
|
|
07-23-2006, 08:42 PM
|
#3 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
There's a folder in Program Files called Outlook. It was hidden in there, but it looks like there's nothing in the folder. All the other Start Up items are recognised as OK.
Logfile of HijackThis v1.99.1 Scan saved at 02:32:06, on 24/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\PadTouch\PadExe.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe C:\Program Files\Climate Change Experiment\boinc.exe C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Alex\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Startup: carling_clock[1]1888266444.lnk = C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\6CEWJEKC\carling_clock[1].exe O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ? O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Cas0xsesesm - ATI Technologies Inc. - (no file) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
|
|
|
07-23-2006, 08:51 PM
|
#4 | ||
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
Go to "msconfig" "staup up" and uncheck all of these:
Quote:
Quote:
Last edited by rjfvillarosa; 07-23-2006 at 08:53 PM. |
||
|
|
|
|
07-23-2006, 08:59 PM
|
#5 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Just unchecked all the start ups and fixed those 4. I'll reboot now.
Logfile of HijackThis v1.99.1 Scan saved at 02:58:14, on 24/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\PadTouch\PadExe.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe C:\Program Files\Climate Change Experiment\boinc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe C:\Documents and Settings\Alex\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ? O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Cas0xsesesm - ATI Technologies Inc. - (no file) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
|
|
|
07-23-2006, 09:07 PM
|
#6 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Rebooted twice there and that is it fixed. But I've not really deleted anything. Could it have been the outlook folder in Prog Files? Should I go there and take it out?
|
|
|
|
|
07-23-2006, 09:13 PM
|
#7 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
If you are sure there is nothing in that folder then leave it alone, it could have something to do with OutLook Express or Microsoft Office OutLook.
|
|
|
|
|
07-24-2006, 03:29 AM
|
#8 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
The folder was created on the 21st July 06, All other important ones were creadted in December 04 (ones with progs which came with the PC). It definitley is empty though, there are no hidden files in there.
I am still getting System error shield coming up in an IE browser though. ***Edit addresses*** thats the text in the main window (nothing else - not hotlinked or dressed up, plain text) Last edited by alexcraw; 07-24-2006 at 08:27 AM. |
|
|
|
|
07-24-2006, 07:29 AM
|
#9 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
Anybody reading this please DO NOT click on those links above they will infect your machine with the same problems Alex is having.
Sorry Alex those links have got to go they are dangerous. Can a Mod please remove the links? I am going to re-read your HJT logs to see if we can get rid of them. Last edited by rjfvillarosa; 07-24-2006 at 07:32 AM. |
|
|
|
|
07-24-2006, 07:45 AM
|
#10 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
Use HJT to get rid of these two.
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCast...0_20060123.cab Follow this link to the Bleeping Computer forums http://www.bleepingcomputer.com/forums/topic57145.html someone there has a similar problem, the second post talks about an infection by "Oin" and has a link to an uninstaller, try that and let me know how you get on. Last edited by rjfvillarosa; 07-24-2006 at 08:08 AM. |
|
|
|
|
07-24-2006, 08:27 AM
|
#11 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
I'm at work right now, but I can tell you that the PC is still showing this singular pop up of systemerrorshield per session.
The two HJT entries are for live streaming of sport, and I use them now and then. I know they are definitley not associated to systemerrorshield. |
|
|
|
|
07-24-2006, 08:31 AM
|
#12 | |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
I have to go out now on a few service calls, let me know if that link to bleeping computer produces anything. I am enjoying this thread and knowing some of my customers I am sure the discussion here is going to come in useful soon.
 Quote:
Last edited by rjfvillarosa; 07-24-2006 at 08:34 AM. |
|
|
|
|
|
07-24-2006, 02:20 PM
|
#13 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Glad you were entertained, while I was frustrated
 Well, I've (reluctantly) taken out those entries (as the football season is about to start), I'll reboot...... Done that, without difficulty as regards the two presses of "off". My girlfriend assures me that the pop up re appeared at about half 3 today. I'll edit this post as soon as I spot the wee blighter. Cheers for now. Last edited by alexcraw; 07-24-2006 at 02:26 PM. |
|
|
|
|
07-24-2006, 03:01 PM
|
#14 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
Have you tried the Oin uninstaller on the bleeping computer site?
|
|
|
|
|
07-24-2006, 03:46 PM
|
#15 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Not yet, but I have been playing around with the startup items in msconfig. I've discovered that disabling:
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER stops the PC from requiring two presses of the off button. All others are re enabled. I'll give that Oin thing a go now. |
|
|
|
|
07-24-2006, 04:00 PM
|
#16 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
After being told that the OIN had uninstalled completely, I restarted, well tried to. It seems that disabling only the RealPlay.exe doesn't do the trick. dammit.
 systemerrorshield hasn't popped though - fingers crossed. 
|
|
|
|
|
07-24-2006, 07:26 PM
|
#17 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
Uninstall realplayer it is a right Royal pain, install realplayer alternative instead:
http://www.free-codecs.com/download/...lternative.htm |
|
|
|
|
07-25-2006, 02:48 AM
|
#18 |
|
brewer, mostly...
Join Date: Jun 2004
Location: Laying on the floor, in the brewery
Posts: 1,315
|
RFV----
You are right. I have learned much from this thread. Thanks for the warning about the links! -Kev
__________________
Symantec-free zone. To stay malware free: AVG antivirus/antispyware, Malwarebytes anti malware, Commodo Pro free firewall, ccleaner, Windows updates. or.... just install Linux Too many computers in this house to list. They are all my builds, some AMD some Intel... |
|
|
|
|
07-25-2006, 07:47 AM
|
#19 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,105
|
Alex can you run another HJT? run it right at startup before you click anything else, have a shortcut on your desktop and the moment windows boots into the desktop run the HJT.
I have an hour spare this morning and I am going to see if I can find out what happened with that guy in Greece who was having the same problem. not so loud Kev, he told me off for having fun at his expense.....
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
