Everything just... stops.


Blarrrg

Ok, this seems to happen a bit more frequently when I'm listening to music through iTunes, but it happens at other times as well. Every half minute to minute or so... everything just stops. Music, my cursor won't move, everything. Just freezes for about 3 or 4 seconds, and then resumes.

The weird thing is that when I'm listening to music and it happens, when it stops, the music doesn't skip ahead at all. It just resumes from the exact spot it stopped from.

No idea why this is happening, and it gets really annoying when playing UT2k4, and to relate it to runescape, when I'm... uh... fighting stuff. Yeah. Any ideas?

P.S. Just so you know, it's happened 6 times while I've been typing this post :|


Welcome :)

Please open My Computer and then open the C drive.

Click File > New > Folder and name it Hijackthis. Then download Hijackthis and save it into the new folder.

Run this online virus scan: Activescan. Save the logfile from the scan, and post the Activescan log and a fresh Hijackthis log in your next reply please.


Logfile of HijackThis v1.99.1
Scan saved at 14:09:42, on 10.16.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: ExecutableFile]
C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]
C:\WINDOWS\system32\services[Caution: ExecutableFile]
C:\WINDOWS\system32\lsass[Caution: ExecutableFile]
C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\system32\svchost[Caution: ExecutableFile]
C:\WINDOWS\System32\svchost[Caution: ExecutableFile]
C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]
C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]
C:\WINDOWS\Explorer[Caution: ExecutableFile]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]
C:\WINDOWS\System32\taskswitch[Caution: ExecutableFile]
C:\PROGRA~1\ZONEAL~1\zlclient[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify[Caution: ExecutableFile]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]
C:\Program Files\EasyMP3\EasyRen[Caution: ExecutableFile]
C:\WINDOWS\system32\cfpsys[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\WINDOWS\system32\rundll32[Caution: ExecutableFile]
C:\Program Files\winupdates\winupdates[Caution: ExecutableFile]
C:\Program Files\AIM\aim[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]
C:\Program Files\WhatPulse\WhatPulse[Caution: ExecutableFile]
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray[Caution: ExecutableFile]
C:\WINDOWS\system32\devldr32[Caution: ExecutableFile]
C:\Program Files\Diskeeper\DkService[Caution: ExecutableFile]
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]
C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINDOWS\system32\wscntfy[Caution: ExecutableFile]
C:\PROGRA~1\MOZILL~1\firefox[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunes[Caution: ExecutableFile]
C:\HijackThis\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit[Caution: ExecutableFile]
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch[Caution: ExecutableFile]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONEAL~1\zlclient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]
O4 - HKLM\..\Run: [wpib] C:\WINDOWS\wpib[Caution: ExecutableFile]
O4 - HKLM\..\Run: [EasyMP3 Track Rename] EasyRen[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Warning] cfpsys[Caution: ExecutableFile]
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon[Caution: ExecutableFile]" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates[Caution: ExecutableFile] /auto
O4 - HKLM\..\Run: [stopSignSsTsMon] Rundll32[Caution: ExecutableFile] "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav[Caution: ExecutableFile]" -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim[Caution: ExecutableFile] -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home[Caution: ExecutableFile] -min
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse[Caution: ExecutableFile]
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire[Caution: ExecutableFile]
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray[Caution: ExecutableFile]
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM[Caution: ExecutableFile]
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: ExecutableFile]/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: ExecutableFile]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26fee675102 ... xIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: ExecutableFile]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag[Caution: ExecutableFile]
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd[Caution: ExecutableFile]" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon[Caution: ExecutableFile]

(I don't know why it says Internet Explorer at the top, I use Firefox.)

---

Activescan has been scanning for about 2 hours now, and according to the bar, it's only about 1/3 done. So, I'll edit this post once it finishes.

EDIT: Strike that, the bar lied. But the log is really, really long. Which, heh, probably isn't good >_>'

---

Also, I've just now noticed, ctrl alt del is not working. That worries me :x

Though, I'm also noticing that ctrl c and ctrl v aren't working either. So either both of the ctrl keys on my keyboard spontaneously stopped working, or this is probably tied into it.

EDIT: After running Activescan, ctrl alt del WORKS!

But copy and paste still doesn't ;_;


C:\Program Files\winupdates\winupdates.e3e is a virus.

winupdates[Caution: ExecutableFile] is a process associated with the Rbot Worm. It is an IRC backdoor trojan giving remote users access to your system. This program is a registered security risk and should be removed immediately. If found on your system make sure that you have downloaded the latest update for your antivirus application.

==================================

Retired tip.it moderator.

Teaching and inspiring.


Ok,

You should print out the following instructions, as we will be working in safe mode.

Reconfigure Windows XP to show hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

Download Winsockxpfix but do not run it yet.

I suggest you remove NewDotNet unless you deliberately installed it. It is extremely dubious and commercially sponsored:

First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:

• From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_76[Caution: ExecutableFile].
• Download and save uninstall6_76[Caution: ExecutableFile] to Local Disc C
• Click on Start.
• Click on Run.
• In the Open window type, C:\uninstall6_76[Caution: ExecutableFile].
• Click on the OK button.
• After removal, you may be prompted to reboot. Please reboot if not prompted.

In case your internet connection breaks, run the winsock fix.

Open Hijackthis, and select "Scan only" and place a checkmark in the following boxes:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.e3e (CAUTION - executable file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O4 - HKLM\..\Run: [wpib] C:\WINDOWS\wpib.e3e (CAUTION - executable file)
O4 - HKLM\..\Run: [Warning] cfpsys.e3e (CAUTION - executable file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.e3e (CAUTION - executable file) /auto
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26fee675102 ... xIE601.cab

Then close all other windows and select "Fix Checked".

Boot into safe mode by restarting your computer and continuously tapping F8 and selecting "Safe Mode".

Click "Start > Control Panel > Add/Remove Programs" and look for the following and remove them (if present):

winupdates
netster

Then browse for the following and delete them:

C:\WINDOWS\system32\Userinit[Caution: ExecutableFile] <- File
C:\Program Files\NewDotNet <- Folder
C:\WINDOWS\wpib[Caution: ExecutableFile] <- File
C:\Program Files\winupdates <- Folder

Click Start > Search and search for the following and delete it:

cfpsys[Caution: ExecutableFile] <- File

Now reboot normally and post a fresh Hijackthis log please. How is your computer running now?
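
An added example, not part of the original thread: one way to check a fresh HijackThis log against the fix list in the post above and report which fixed entries have come back. It assumes the forum's filter tokens `[Caution: ExecutableFile]` and `.e3e (CAUTION - executable file)` both stand for `.exe`; the fresh log is constructed sample data and the function names are hypothetical.

```python
import re

# Assumption: the forum's word filter turned ".exe" into these two tokens.
FILTER_TOKENS = re.compile(
    r"\[Caution: ExecutableFile\]|\.e3e \(CAUTION - executable file\)")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."


def parse(log_text):
    """Map a case- and whitespace-insensitive key to (section, detail)."""
    entries = {}
    for raw in log_text.splitlines():
        line = re.sub(r"\s+", " ", FILTER_TOKENS.sub(".exe", raw.strip()))
        m = ENTRY.match(line)
        if m:  # header and "Running processes" lines do not match
            entries[line.casefold()] = (m.group(1), m.group(2))
    return entries


def compare(fix_list, log_text):
    """Split fix-list entries into (present, absent) relative to a log."""
    log = parse(log_text)
    present, absent = [], []
    for key, entry in parse(fix_list).items():
        (present if key in log else absent).append(entry)
    return present, absent


# Entries copied from the fix list in the post above (O16 line left out).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.e3e (CAUTION - executable file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O4 - HKLM\..\Run: [wpib] C:\WINDOWS\wpib.e3e (CAUTION - executable file)
O4 - HKLM\..\Run: [Warning] cfpsys.e3e (CAUTION - executable file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.e3e (CAUTION - executable file) /auto
"""

# Constructed sample, not a log from the thread: two fixed entries came back.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Warning] cfpsys[Caution: ExecutableFile]
O4 - HKLM\..\Run: [winupdates] c:\program files\winupdates\winupdates[Caution: ExecutableFile] /auto
"""

if __name__ == "__main__":
    present, absent = compare(FIX_LIST, FRESH_LOG)
    for section, detail in present:
        print(f"STILL PRESENT  {section} - {detail}")
    print(f"{len(absent)} fix-list entries no longer appear")
```

An autorun entry that reappears after "Fix Checked" usually means something still running re-created it, which is why the instructions move to safe mode before deleting files.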
