Jump to content

Firefox3 and Chrome constant crashing


LordFett

Recommended Posts

I am working on a friend's laptop. He said his firefox started taking up huge ammounts of memory after running for a while so he started using Chrome. Now firefox crashes upon opening, it never gets as far as an actual browser opening, it just goes right to the crash report. chrome on the otherhand will open and try to load the last page visited or the start page then within 30 seconds it crashes.

Opera is running fine, IE runs ok but after 30 minutes or so it slows way down. I've scanned the system with NOD32, Avast!, Clamav, Adaware, PCTools Spyware Doctor, Spybot S&D and Malwarebytes anti-malware. Only thing that has been picked up by anything has been tracking cookies.

System is a Lenovo/IBM x40 laptop running XP SP3.

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:29:09 AM, on 24-Nov-08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\TpScrLk.exe

C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Pidgin\pidgin.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 6303 bytes

Edited by LordFett
Link to comment
Share on other sites


HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)

HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 24-Nov-08 2:52 PM 80 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Chrome Crash.doc.LNK 24-Nov-08 2:54 PM 454 bytes Hidden from Windows API.

C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Jedi Handbook 13a.doc.LNK 06-Oct-08 11:05 AM 1.05 KB Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\nocturne\Desktop\Chrome Crash.doc 24-Nov-08 2:54 PM 20.50 KB Hidden from Windows API.

C:\Documents and Settings\nocturne\Local Settings\Temp\mmc12627FA0.xml 24-Nov-08 2:28 PM 0 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\nocturne\Local Settings\Temp\~DF4E61.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\nocturne\Local Settings\Temp\~DFAD88.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\nocturne\Recent\Chrome Crash.doc.lnk 24-Nov-08 2:54 PM 522 bytes Hidden from Windows API.

C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083857.ini 24-Nov-08 1:10 PM 12.11 KB Hidden from Windows API.

C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083858.ini 24-Nov-08 1:10 PM 22.85 KB Hidden from Windows API.

C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083859.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.

C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083860.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.

C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083861.dir 24-Nov-08 1:10 PM 2.13 KB Hidden from Windows API.

C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083862.ini 23-Nov-08 10:41 PM 3.79 KB Hidden from Windows API.

These are the two that I'm most worried about:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage \ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage \WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

As this is when things really stopped working.

I've run Panda's antirootkit, rootkit buster, rootkit detective, removeany. I'm running gmer now.

Link to comment
Share on other sites

Anti-malware won´t fix this as the damage is already done, anti-malware is mostly made to prevent damages of data.

You can try to fix this but it will take you a long time; I would advise you to backup and reinstall the system other than loosing time searching where the real fault is hiding. You never know what is damaged beside those 2 files showing up in Hijackthis.

Link to comment
Share on other sites

To Lordfett ... I had same symptons you describe on a Laptop FF3.x w/ chrome

As a relative Newbie, I didn't go thru all you did to remedy but I saw posts elsewhere *

noting same.. some gave up back to IE6 or 7 ..as I am on another machine.

One thing I saw also related to the FlashGot plugin -- which I try to find an equiv. for in IE

* Maybe this compile due FF helps:

Firefox3 crashes

Edited by StaffnRod
Link to comment
Share on other sites

Ok ran everything in your tool kit Tarun.

Here is my new Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:04:48 PM, on 25-Nov-08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\UPHClean\uphclean.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\TpScrLk.exe

C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe

C:\DOCUME~1\nocturne\LOCALS~1\Temp\BGQT.exe

C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: BOAHY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\nocturne\LOCALS~1\Temp\BOAHY.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)

O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 6040 bytes

And rootkit revealer:

HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)

HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)

Same problems, Firefox won't open at all now though and Chrome is being super crashtastic.

Link to comment
Share on other sites

Rename HijackThis to scanner.exe and check again, reposting your log. :)
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:00:38 AM, on 26-Nov-08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\UPHClean\uphclean.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\TpScrLk.exe

C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Opera\opera.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)

O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 5856 bytes

Link to comment
Share on other sites

Did SUPERAntiSpyware or Malwarebytes find anything?

You log appears clean.

Your Firefox may not be starting due to an addon. Try starting it in safe mode through the start menu, or by adding -safe-mode to the shortcut.

Link to comment
Share on other sites

Did SUPERAntiSpyware or Malwarebytes find anything?

SUPERAntiSpyware might have found some tracking cookies, malwarebytes found nothing.

You log appears clean.

That is what I thought.

Your Firefox may not be starting due to an addon. Try starting it in safe mode through the start menu, or by adding -safe-mode to the shortcut.

Restarted it with all add-ons disabled and it started. I ran an update and everything was up to day except for noscript.

List of add-ons:

Adblock

Broadband Speed Test and Diagnostic

Domain Details

Forecastfox

Foxmarks

Gmail Manager

Gmail Space

IE Tab

Java Quick Starter (not sure about this one, I don't remember installing it for him nor does he remember it)

Noscript

Speed Dial

Any idea about Chrome? I'm going to try and reinstall it shortly.

I reenabled all of the addons in FX3 save the Java quick starter and it came right up.

Link to comment
Share on other sites

Not wanting to butt in, although I found much of what Tarun mentions and

your noted Add-ons are covered and ..

Thought Maybe this compile of links due FF Crashes helps: :unsure:

http://www.blogsdna.com/430/9-fix-for-fire...ing-problem.htm

Now I have to decide if its worth it to go FFox just to enable use of FlashGot...

as it doesn't look like I'm getting any replies to my 'FlashGot..equiv. plugin for IE7'

topic posted in MSNF ... :(

Link to comment
Share on other sites

Well since I started running Firefox without that java plugin both FX3 and Chrome are running fine.

thanks for the help Tarun and that link Staffnrod.

WaLa ... one hand does feed the other

Your discovery / mention of the Java script plugin issue,

may well be the reason BIG poor perf. / FX crashes on my other Laptop,

gave hesitation to my reasoning... to move back to FFox3 currently

Further investigation ongoing.. w/ all help/guidance as posted above

THX :thumbup

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...