
3x Windows XP SP2 Problems

  • 22-10-2007 5:54pm
    #1
    Registered Users, Registered Users 2 Posts: 527 ✭✭✭


    Hi all,

    I'm having 3 problems with my PC in work.
    1. I have an icon on the Start Menu: "Reboot into Safe Mode" [See attachment]
    2. System Restore does not work at all. It did work up until Friday.
    3. Internet Explorer 7 does not load Windows Update from the Start Menu either. Also, it appears to be blocking popups [no popup blocker installed or AV that would cause this]

    All of these problems started on Friday for no apparent reason. It is a work PC I am using, although there are no restrictions on it, so I am free to install whatever I like to fix the problem.

    Windows Defender and AdAware07[Full Scan] find no errors.. :(

    Suggestions welcome.


Comments

  • Closed Accounts Posts: 10,012 ✭✭✭✭thebman


    Run a spybot scan which might detect some irregular settings and run a full virus scan.


  • Registered Users, Registered Users 2 Posts: 3,534 ✭✭✭SickBoy


    Like brim4brim said, run something like Spybot/Adaware and AVG in safe mode to be sure they can detect as much as possible.
    Do not use the link from the start menu you pictured to go to safe mode though, that looks a bit fishy to me ;)


  • Registered Users, Registered Users 2 Posts: 1,081 ✭✭✭unnameduser


    SickBoy wrote: »
    Do not use the link from the start menu you pictured to go to safe mode though, that looks a bit fishy to me ;)

    Sure does.

    Hijackthis ftw. Also, back up your data just in case.


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    Right click that link and click properties.. it's probably an internet shortcut or some malware program.
    Post your hijackthis log.


  • Registered Users, Registered Users 2 Posts: 527 ✭✭✭Sean^DCT4


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:31:16, on 23/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Rational\ClearCase\bin\albd_server.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
    C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\TEMP\AGB591.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\Sean^DCT4\Desktop\HiJackThis_v2.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=3070122
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ie/hws/sb/dell-row-rel/en/side.html?channel=ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ie/hws/sb/dell-row-rel/en/side.html?channel=ie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ie/hws/sb/dell-row-rel/en/side.html?channel=ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=3070122
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sean^DCT4's Company
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=xxx.xxx.xxx.xxx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = xxx.xxx.xxx.xxx*;*.Sean^DCT4's Company.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-32904521-456938321-1481510878-3296\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'clearcase_albd')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Sean^DCT4's Company.com
    O17 - HKLM\Software\..\Telephony: DomainName = Sean^DCT4's Company.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Sean^DCT4's Company.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Sean^DCT4's Company.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Sean^DCT4's Company.com
    O20 - Winlogon Notify: ccnotify - C:\Program Files\Rational\bin\ccnotify.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Atria Location Broker (Albd) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\albd_server.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Rational Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Rational Lock Manager (LockMgr) - IBM Corporation - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
    O23 - Service: Rational ClearQuest Mail Service (MailService) - IBM Corporation - C:\Program Files\Rational\ClearQuest\mailservice.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
    
    --
    End of file - 10935 bytes
    

    That's the log from HijackThis. I have removed certain lines from the log for obvious reasons. I can't spot anything wrong in it at all. Hopefully I've missed something.. ?


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    C:\WINDOWS\TEMP\AGB591.EXE
    Anything that runs from temp like this can't be good. Check it out, remove it. If it somehow is legit then you can restore it as hijackthis makes a backup.

    If it keeps appearing again then remove in safe mode.

    As for the pop up blocker, the latest IE has it built in. Also I see you have or had google toolbar which also has a blocker.

    Check the system restore service is actually running and not disabled or something. (services.msc)
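
Added example, not part of the thread: a small Python triage pass over a HijackThis v2 log that applies the check described in the post above (a running process whose path sits in a temp directory), and goes slightly beyond it by also listing entries the tool itself marks `(no file)` or `(file missing)` and Run entries given without a full path. The sample lines are an excerpt of the log posted in this thread; the function and label names are hypothetical.

```python
import re

# Excerpt of lines from the log posted in this thread, trimmed for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\AGB591.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # e.g. "O4 - HKLM\..\Run: ..."
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)  # any \Temp\ or \Tmp\ path component


def parse_log(text):
    """Return (running process paths, [(section code, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:                       # first coded entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Flag lines worth verifying (file properties, signer); flags are not verdicts."""
    processes, entries = parse_log(text)
    findings = [("process-in-temp", p) for p in processes if TEMP_RE.search(p)]
    for code, detail in entries:
        if "(no file)" in detail or "(file missing)" in detail:
            findings.append(("orphaned-" + code, detail))
        elif code == "O4" and "\\" not in detail.split("] ", 1)[-1]:
            # Run value with a bare file name: check which file it resolves to.
            findings.append(("autorun-without-path", detail))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:22} {detail}")
```
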


  • Registered Users, Registered Users 2 Posts: 527 ✭✭✭Sean^DCT4


    Saruman wrote: »
    C:\WINDOWS\TEMP\AGB591.EXE
    Anything that runs from temp like this can't be good. Check it out, remove it. If it somehow is legit then you can restore it as hijackthis makes a backup.

    If it keeps appearing again then remove in safe mode.

    As for the pop up blocker, the latest IE has it built in. Also I see you have or had google toolbar which also has a blocker.

    Check the system restore service is actually running and not disabled or something. (services.msc)


    That exe in the Temp directory is associated with HijackThis.

    I have disabled IE's popup-blocker but not Google's.

    I have checked that Sys Restore is Started in the Services, which it is, I Stopped and re-started it anyway.

    Still none of the problems I have are resolved :(

    If it was my own PC I would have used my unattended XP setup disk I made and had XP back up and running in an hour.

    I'll let the System admins sort it out now at this stage...


    Thanks anyway.


  • Registered Users, Registered Users 2 Posts: 11,389 ✭✭✭✭Saruman


    Sean^DCT4 wrote: »
    That exe in the Temp directory is associated with HijackThis.
    Out of curiosity... how do you know this is part of hijackthis? I have never once seen anything like that before in any version of hijackthis that was not malware.
    Possibly is but I'm wondering how you know it is?

    sfc /scannow might sort out if there are some damaged files.
    As might reloading SP2.


  • Registered Users, Registered Users 2 Posts: 527 ✭✭✭Sean^DCT4


    Saruman wrote: »
    Out of curiosity... how do you know this is part of hijackthis? I have never once seen anything like that before in any version of hijackthis that was not malware.
    Possibly is but I'm wondering how you know it is?

    sfc /scannow might sort out if there are some damaged files.
    As might reloading SP2.

    The exe in the Temp dir was a Trend Micro process according to its properties.

    I have run sfc /scanonce and chkdsk /f both of which found no errors.

    I thought SP2 was an accumulation of Windows hotfixes and therefore could not be just simply un-installed and re-installed. I could only imagine the mess it would create in the registry.


  • Closed Accounts Posts: 311 ✭✭auggie2k


    C:\Program Files\Free Download Manager\FUM\fumoei.exe - doesn't look nice...

    http://www.hijackthis.de/logfiles/8e6c67202c73eabf75f84af0a5b73544.html


  • Registered Users, Registered Users 2 Posts: 527 ✭✭✭Sean^DCT4


    Free Download Manager was on the network drive and I was told to use it, I normally use Flashget at home.

    I don't think this is the problem but I will uninstall FDM and fix with Hijack This

