frozen screens

**iresqu** · 08-19-2007, 05:38 PM

OK deleted old Java and downloaded new and verified per your instructions. I was able to navigate some through the secure site then it freezes up again. I did try to use IE just to see if it was a Firefox prob. And it was strange, the login screen takes me to pdf screen wanting me to agree to brokerage agreements like when I first opened the acct.! I tried it twice to make sure....same login as Firefox but takes me into my acct. IE sends me to PDF to agree to the acct. opening agreements. All other sites I visit including email work fine including this one.

**jholland1964** · 08-19-2007, 09:57 PM

Some strange goings on, that is for sure. Plus that log is still awfully short.
First of all I want you to rename hijackthis.exe to analyze.exe.
This next step may seem difficult, it isn't, just take your time, if you need to then print out the instructions so that you will have something to refer to because while running this next program you shouldn't do anything with the computer unless instructed;

Download:
- ISeeYouXP.zip by ShadowPuterDude

Extract the contents of ISeeYouXP.zip to the root directory of drive C:\. This will create a folder named ISeeYouXP in the root directory of Drive C.

Using Windows Explorer (right click the Start button and select Explore to open Windows Explorer) navigate to C:\ISeeYouXP and locate:
ShowIt.bat
ISeeYouXP.bat

Double-click each batch file, in the order listed, to run the scripts.

( Do not attempt to run this program from inside the ZIP file or by using Winzip or similar tool. it will not work properly. )

Possible Error Messages

If your ISeeYouXP.txt log appears to be empty or semi-empty or you get an error message similar to the below when running ISeeYouXP.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS

C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.

To fix the above error message, choose the download below which is appropriate for your system
- For Windows XP Pro: download and run: XPproFix
- For Windows XP Home: download and run: XPHomeFix
- For Windows 2000: download and run: W2KFix
Then run ISeeYouXP.bat again and attach the log.
A possible second type of error message may occur as shown in the quote box below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem

16 bit MS-DOS Subsystem
drive:\program path
XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.

-or-

16 bit MS-DOS Subsystem
drive:\program path
SYSTEM\CurrentControlSet\Control\ VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.

Attach the following logs:
ISeeYouXP
HijackThis

**iresqu** · 08-21-2007, 11:19 AM

Renamed to analyze.exe will post the scan below.

I think I did the iseeyou correctly. again I am a NOVICE so I dont even know what a "root directory" is so I cannot be sure I am saving it correctly. Unfortunately I need directions like....right click and choose this, then left click on ..... and choose this etc etc. Yes there are people like me out here ! LOL Again I believe I did it correctly but not 100% sure. When I double click on showit.bat it has 2 lines of text at bottom of screen: "press any key to close window" and below that line ... "press any key to continue" so I press any ke and it dissapears...naturally! no log created any where that I can see anyway.

Iseeyouxp.bat runs something very quickly when I double click it and the windo closes, its only a split second and I cant read anything......no logfile that I see saved somwhere.

Logfile of HijackThis v1.99.1
Scan saved at 11:03:54 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hjtscan.exe\Analyze.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

**jholland1964** · 08-21-2007, 11:43 AM

You need to run off that Spybot TeaTimer. It can interfere with various scans.
Start Spybot S & D, in the Menu, Select Mode and Click Advanced Mode
Click Yes in the confirmation dialogue box.
Now, in the left pane, click on Tools to expand the menu. Click on Resident and REMOVE the checkmark from Resident TeaTimer.

Now to see if you can find the iseeyou log by going to C:\ISeeYouXP
open it up and see if you can find a log file in there. It will be called ISeeYouXP.txt.

**iresqu** · 08-21-2007, 12:54 PM

ok teatimer turned off.

I looked for the iseeyouxp.txt there is not one. The only txt file is the pcbutts.txt blog file that downloaded with the iseeyouxp program. that is the only txt file.

**jholland1964** · 08-21-2007, 01:51 PM

Ok, you found the program file. That is good.
Now go back in there and
(see my attachment)
1st Double-click on ShowIt.bat
You should see a small dos screen and it will tell you Press any key to close. Press any key and it will close.
Then
2nd Double-click on ISeeYouXP.bat

What you should then see is a small dos screen and the scan will take place. Once it is complete then you should have the log open in notepad. In notepad go to File, Save As, and tell it to save as a text (.txt) file on your desktop.

**iresqu** · 08-21-2007, 03:42 PM

OK I did that. I see the DOS screen for a fleeting moment and it goes off, nothing remains, there is no notepad screen to save to a txt file etc.

I ran it again(iseeyouxp.bat) and quickly right clicked and it said "the system cannot find the path specified" several times in a row.

**jholland1964** · 08-21-2007, 03:51 PM

I will do some checking on this error. In the meantime can you please run, using Internet Explorer, the Kaspersky Online Scan.
It will NOT fix anything but WILL generate a log showing any infected items and their locations.
Post back here with that log.

**jholland1964** · 08-21-2007, 08:32 PM

You are still running the ISeeYouXP program from within the zip file, this is why it does not run properly.
You must extract the contents of ISeeYouXP.zip to the root directory of drive C:\. This will create a folder named ISeeYouXP in the root directory of Drive C.
In other words when you extract the file you will be asked WHERE you wish to extract the program to...choose "C".
Once you have done that follow the directions given. You should be able to run the program and save the log as directed above.

Post it here.

Another program you need to run is ComboFix
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

**iresqu** · 09-02-2007, 01:59 PM

J-

sorry for the long departure, was out of town and forgot to let you know, sorry.

Finally got Iseeyou.txt file

I am currently trying to get Kapersky run on IE.

Rich

Thread: frozen screens

Thread Tools

Display

Thread Information

Users Browsing this Thread

Posting Permissions