Locked up again!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mgbgtgrimm

Thread Starter
Joined
Apr 22, 2002
Messages
490
On my Toshiba laptop running W-XP SP2 it keeps getting 'locked up'. It locks up on shut down, booting, and launching programs. I had to wipe out my hard disk because I had to use the recover disk that came with this Toshiba junk Right now it is locked up with the Spysweeper screen up an the error message is "THIS PROGRAM CANNOT BE CLOSED BECAUSE IT IS LOCKED BY THE SYSTEM"!!! Got that when I did Ctrl/Alt/Del. When it locks on shut down I get same message, and same when locks on boot. Only way out seems to be UNPLUG!!! I've already lost everything anyways so it don't matter. Is this a TOSHIBA issue or a W-XP Home Edition SP2 issue??? grimmye:confused: :mad:
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,002
you probably are infected by something or other, or your profile is shot. When you say you had to use the recover disk, do you mean you reformatted your hard drive? If so, you are starting from scratch, and shouldn't have any issues.

How much ram is in the machine?
What speed is the processor?

to check for an infection, do the following:

Please do this:

· Click here to download HJTsetup.exe
· Save HJTsetup.exe to your desktop.
· Doubleclick on the HJTsetup.exe icon on your desktop.
· By default it will install to C:\Program Files\Hijack This.
· Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
· Put a check by Create a desktop icon then click Next again.
· Continue to follow the rest of the prompts from there.
· At the final dialogue box click Finish and it will launch Hijack This.
· Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
· Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
· Come back here to this thread and Paste the log in your next reply.
· DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Be patient and a security expert will be along to assist you with this shortly. They can be identified by the gold badge next to their name.
 

mgbgtgrimm

Thread Starter
Joined
Apr 22, 2002
Messages
490
I have listed my HJT file below and added my Belarc Advisor profile which lists the features of my system. Hope I did right. Thanks. grimmye


Logfile of HijackThis v1.99.1
Scan saved at 6:13:01 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~1.EXE
C:\Documents and Settings\greg\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] "C:\Program Files\Notebook Maximizer\maximizer_startup.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

mgbgtgrimm

Thread Starter
Joined
Apr 22, 2002
Messages
490
I guess my Belarc didn't up load so I did a copy/paste of the results. Hope this helps. grimmye






System Security Status CIS Benchmark Score


Available only for Windows 2000, XP Pro, and 2003




Virus Protection


Up-to-date




Microsoft Security Updates


Up-to-date







--------------------------------------------------------------------------------

Computer Profile Summary
Computer Name: Laptop (in WORKGROUP)
Profile Date: Monday, January 29, 2007 5:54:31 PM
Advisor Version: 7.2h
Windows Logon: greg


Click here for Belarc's System Management products, for large and small companies.

Operating System System Model
Windows XP Home Edition Service Pack 2 (build 2600) TOSHIBA Satellite M55 PSM50U-01Z00W
System Serial Number: 65265823K
Enclosure Type: Notebook
Processor a Main Circuit Board b
1.73 gigahertz Intel Pentium M
64 kilobyte primary memory cache
2048 kilobyte secondary memory cache Board: TOSHIBA ECU00
BIOS: TOSHIBA V2.10 05/08/2006
Drives Memory Modules c,d
99.83 Gigabytes Usable Hard Drive Capacity
92.66 Gigabytes Hard Drive Free Space

MATSHITA DVD-RAM UJ-840S [CD-ROM drive]

TOSHIBA MK1032GAX [Hard drive] (99.83 GB) -- drive 0, s/n 655L1952S, rev AB211A, SMART Status: Healthy 504 Megabytes Installed Memory

Slot 'M1' has 512 MB
Slot 'M2' is Empty
Local Drive Volumes

c: (NTFS on drive 0) 99.83 GB 92.66 GB free

Network Drives
None detected
Users (mouse over user name for details) Printers
local user accounts last logon
greg 1/29/2007 5:18:23 PM (admin)
local system accounts
Administrator never (admin)
ASPNET never
Guest never
HelpAssistant never
SUPPORT_388945a0 never


Marks a disabled account; Marks a locked account Microsoft Shared Fax Driver on SHRFAX:

Controllers Display
Intel(R) 82801FBM Ultra ATA Storage Controllers - 2653
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller] Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family [Display adapter] (2x)
LPL [Monitor] (2x)
Bus Adapters Multimedia
Texas Instruments PCIxx21/x515 Cardbus Controller
Intel(R) 82801FB/FBM USB Universal Host Controller - 2658
Intel(R) 82801FB/FBM USB Universal Host Controller - 2659
Intel(R) 82801FB/FBM USB Universal Host Controller - 265A
Intel(R) 82801FB/FBM USB Universal Host Controller - 265B
Intel(R) 82801FB/FBM USB2 Enhanced Host Controller - 265C Realtek AC97 Audio
Communications Other Devices
TOSHIBA Software Modem


1394 Net Adapter
Intel(R) PRO/Wireless 2200BG Network Connection
primary Auto IP Address: 192.168.1.101 / 24
Gateway: 192.168.1.1
Dhcp Server: 192.168.1.1
Physical Address: 00:12:F0:83:95:8E
Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Physical Address: 00:0F:B0:86:1D:CE

Networking Dns Servers: 64.233.217.3
64.233.217.5
Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
USB Human Interface Device
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Alps Pointing-device [Mouse]
HID-compliant mouse
Texas Instruments PCIxx21 Integrated FlashMedia Controller
SDA Standard Compliant SD Host Controller
USB Root Hub (5x)
Virus Protection [Back to Top]
McAfee VirusScan Version 10.0.27
Scan Engine Version 5100
Virus Definitions Version 4952
Last Disk Scan on Sunday, January 28, 2007 2:13:57 AM
Realtime File Scanning On

Missing Microsoft Security Hotfixes [Back to Top]
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,002
well, the fact that you are:

1. running xp on 256 mb ram is a big part of the problem, and
2. running about 50 apps on startup is the other part. You need to go to http://www.sysinfo.org/startuplist.php, go through every one of those items listed in the first part of your hjt log (C:\WINDOWS\System32\smss.exe, for instance) and if it says it's not necessary to run, go to start > run > msconfig > startup tab > untick it. When you are done, reboot. That will cure a LOT of the problems. I still haven't figured out if you are infected yet, will work on that later, but get another stick of ram and trim down (trim? raze!) that startup list and a lot of your issues will go bye bye.
 

mgbgtgrimm

Thread Starter
Joined
Apr 22, 2002
Messages
490
I have the laptop being able to access the internet but I haven't got it to be able to send something to the printer which is connected to the desktop, so I had to go log on to desktop and get your directions printed so then I can go and try it on laptop, which I will do.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,002
okie doke......I"ll let you know here shortly if we need to move this to security or not.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,002
log looks relatively clean. When you get done paring down your start up list, post a new hjt log; I want see what it looks like. You will need to reboot, and when it does, you will get a message saying you monkeyed with the system properties; just tick the 'don't show this box' in the bottom left and we are good to go.

Also:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Let me know how much kludge that finds.
 

mgbgtgrimm

Thread Starter
Joined
Apr 22, 2002
Messages
490
OK I ran ATF Cleaner but I didn't write down the number in the little box but it had to be at least 15+ digits long. I tried to do the hjt thing but I'm confused because the window that pops up with the hjt info does not include any of the item's that are listed in the beginning of the NOTEPAD recording ea." C:\WINDOWS\System32\smss.exe", IT starts at the "R0-HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
So I can't find the things in the first listing in the hjt window so I don't know what to check.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,002
for the record, that made me laugh, so that's a good thing, as I'm not usually the funny type. 15 digits. Well, that's something at least. I would assume the machine is running a bit better now? Please do the following:

Create a Startup List

  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and past the StartupList from the notepad into your next post

Also, did you check the defrag state of your drive? Start > programs > accessories > system tools > disk defragger, click on c and click analyze. Let me know, roughly, how much is red (25%, 40%, etc). Also let me know if windows recommends defragging. If it does, you don't have to do it now, you can start it and let it run overnight. Something tells me you are going to see a LOT of red on that drive. Just a hunch.

v
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top