1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Locked up again!

Discussion in 'Windows XP' started by mgbgtgrimm, Feb 1, 2007.

Thread Status:
Not open for further replies.
  1. mgbgtgrimm

    mgbgtgrimm Thread Starter

    Apr 22, 2002
    On my Toshiba laptop running W-XP SP2 it keeps getting 'locked up'. It locks up on shut down, booting, and launching programs. I had to wipe out my hard disk because I had to use the recover disk that came with this Toshiba junk Right now it is locked up with the Spysweeper screen up an the error message is "THIS PROGRAM CANNOT BE CLOSED BECAUSE IT IS LOCKED BY THE SYSTEM"!!! Got that when I did Ctrl/Alt/Del. When it locks on shut down I get same message, and same when locks on boot. Only way out seems to be UNPLUG!!! I've already lost everything anyways so it don't matter. Is this a TOSHIBA issue or a W-XP Home Edition SP2 issue??? grimmye:confused: :mad:
  2. valis

    valis Moderator

    Sep 24, 2004
    you probably are infected by something or other, or your profile is shot. When you say you had to use the recover disk, do you mean you reformatted your hard drive? If so, you are starting from scratch, and shouldn't have any issues.

    How much ram is in the machine?
    What speed is the processor?

    to check for an infection, do the following:

    Please do this:

    · Click here to download HJTsetup.exe
    · Save HJTsetup.exe to your desktop.
    · Doubleclick on the HJTsetup.exe icon on your desktop.
    · By default it will install to C:\Program Files\Hijack This.
    · Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    · Put a check by Create a desktop icon then click Next again.
    · Continue to follow the rest of the prompts from there.
    · At the final dialogue box click Finish and it will launch Hijack This.
    · Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    · Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    · Come back here to this thread and Paste the log in your next reply.
    · DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Be patient and a security expert will be along to assist you with this shortly. They can be identified by the gold badge next to their name.
  3. mgbgtgrimm

    mgbgtgrimm Thread Starter

    Apr 22, 2002
    I have listed my HJT file below and added my Belarc Advisor profile which lists the features of my system. Hope I did right. Thanks. grimmye

    Logfile of HijackThis v1.99.1
    Scan saved at 6:13:01 PM, on 1/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\greg\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
    O4 - HKLM\..\Run: [TOSHIBA Accessibility] "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
    O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
    O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
    O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
    O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [Notebook Maximizer] "C:\Program Files\Notebook Maximizer\maximizer_startup.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  4. mgbgtgrimm

    mgbgtgrimm Thread Starter

    Apr 22, 2002
    I guess my Belarc didn't up load so I did a copy/paste of the results. Hope this helps. grimmye

    System Security Status CIS Benchmark Score

    Available only for Windows 2000, XP Pro, and 2003

    Virus Protection


    Microsoft Security Updates



    Computer Profile Summary
    Computer Name: Laptop (in WORKGROUP)
    Profile Date: Monday, January 29, 2007 5:54:31 PM
    Advisor Version: 7.2h
    Windows Logon: greg

    Click here for Belarc's System Management products, for large and small companies.

    Operating System System Model
    Windows XP Home Edition Service Pack 2 (build 2600) TOSHIBA Satellite M55 PSM50U-01Z00W
    System Serial Number: 65265823K
    Enclosure Type: Notebook
    Processor a Main Circuit Board b
    1.73 gigahertz Intel Pentium M
    64 kilobyte primary memory cache
    2048 kilobyte secondary memory cache Board: TOSHIBA ECU00
    BIOS: TOSHIBA V2.10 05/08/2006
    Drives Memory Modules c,d
    99.83 Gigabytes Usable Hard Drive Capacity
    92.66 Gigabytes Hard Drive Free Space


    TOSHIBA MK1032GAX [Hard drive] (99.83 GB) -- drive 0, s/n 655L1952S, rev AB211A, SMART Status: Healthy 504 Megabytes Installed Memory

    Slot 'M1' has 512 MB
    Slot 'M2' is Empty
    Local Drive Volumes

    c: (NTFS on drive 0) 99.83 GB 92.66 GB free

    Network Drives
    None detected
    Users (mouse over user name for details) Printers
    local user accounts last logon
    greg 1/29/2007 5:18:23 PM (admin)
    local system accounts
    Administrator never (admin)
    ASPNET never
    Guest never
    HelpAssistant never
    SUPPORT_388945a0 never

    Marks a disabled account; Marks a locked account Microsoft Shared Fax Driver on SHRFAX:

    Controllers Display
    Intel(R) 82801FBM Ultra ATA Storage Controllers - 2653
    Primary IDE Channel [Controller]
    Secondary IDE Channel [Controller] Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family [Display adapter] (2x)
    LPL [Monitor] (2x)
    Bus Adapters Multimedia
    Texas Instruments PCIxx21/x515 Cardbus Controller
    Intel(R) 82801FB/FBM USB Universal Host Controller - 2658
    Intel(R) 82801FB/FBM USB Universal Host Controller - 2659
    Intel(R) 82801FB/FBM USB Universal Host Controller - 265A
    Intel(R) 82801FB/FBM USB Universal Host Controller - 265B
    Intel(R) 82801FB/FBM USB2 Enhanced Host Controller - 265C Realtek AC97 Audio
    Communications Other Devices
    TOSHIBA Software Modem

    1394 Net Adapter
    Intel(R) PRO/Wireless 2200BG Network Connection
    primary Auto IP Address: / 24
    Dhcp Server:
    Physical Address: 00:12:F0:83:95:8E
    Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
    Physical Address: 00:0F:B0:86:1D:CE

    Networking Dns Servers:
    Texas Instruments OHCI Compliant IEEE 1394 Host Controller
    Microsoft AC Adapter
    Microsoft ACPI-Compliant Control Method Battery
    USB Human Interface Device
    Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Alps Pointing-device [Mouse]
    HID-compliant mouse
    Texas Instruments PCIxx21 Integrated FlashMedia Controller
    SDA Standard Compliant SD Host Controller
    USB Root Hub (5x)
    Virus Protection [Back to Top]
    McAfee VirusScan Version 10.0.27
    Scan Engine Version 5100
    Virus Definitions Version 4952
    Last Disk Scan on Sunday, January 28, 2007 2:13:57 AM
    Realtime File Scanning On

    Missing Microsoft Security Hotfixes [Back to Top]
  5. valis

    valis Moderator

    Sep 24, 2004
    well, the fact that you are:

    1. running xp on 256 mb ram is a big part of the problem, and
    2. running about 50 apps on startup is the other part. You need to go to http://www.sysinfo.org/startuplist.php, go through every one of those items listed in the first part of your hjt log (C:\WINDOWS\System32\smss.exe, for instance) and if it says it's not necessary to run, go to start > run > msconfig > startup tab > untick it. When you are done, reboot. That will cure a LOT of the problems. I still haven't figured out if you are infected yet, will work on that later, but get another stick of ram and trim down (trim? raze!) that startup list and a lot of your issues will go bye bye.
  6. mgbgtgrimm

    mgbgtgrimm Thread Starter

    Apr 22, 2002
    I have the laptop being able to access the internet but I haven't got it to be able to send something to the printer which is connected to the desktop, so I had to go log on to desktop and get your directions printed so then I can go and try it on laptop, which I will do.
  7. valis

    valis Moderator

    Sep 24, 2004
    okie doke......I"ll let you know here shortly if we need to move this to security or not.
  8. valis

    valis Moderator

    Sep 24, 2004
    log looks relatively clean. When you get done paring down your start up list, post a new hjt log; I want see what it looks like. You will need to reboot, and when it does, you will get a message saying you monkeyed with the system properties; just tick the 'don't show this box' in the bottom left and we are good to go.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Let me know how much kludge that finds.
  9. mgbgtgrimm

    mgbgtgrimm Thread Starter

    Apr 22, 2002
    OK I ran ATF Cleaner but I didn't write down the number in the little box but it had to be at least 15+ digits long. I tried to do the hjt thing but I'm confused because the window that pops up with the hjt info does not include any of the item's that are listed in the beginning of the NOTEPAD recording ea." C:\WINDOWS\System32\smss.exe", IT starts at the "R0-HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
    So I can't find the things in the first listing in the hjt window so I don't know what to check.
  10. valis

    valis Moderator

    Sep 24, 2004
    for the record, that made me laugh, so that's a good thing, as I'm not usually the funny type. 15 digits. Well, that's something at least. I would assume the machine is running a bit better now? Please do the following:

    Create a Startup List

    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Check off the 2 boxes next to the Box that says "Generate StartupList log"
    • Click on the button "Generate StartupList log"
    • Copy and past the StartupList from the notepad into your next post

    Also, did you check the defrag state of your drive? Start > programs > accessories > system tools > disk defragger, click on c and click analyze. Let me know, roughly, how much is red (25%, 40%, etc). Also let me know if windows recommends defragging. If it does, you don't have to do it now, you can start it and let it run overnight. Something tells me you are going to see a LOT of red on that drive. Just a hunch.

  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/540286

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice