Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > mpbtn

Reply
Thread Tools

mpbtn

 
 
Gordon
Guest
Posts: n/a
 
      02-11-2004
Hi,
Can any one assist again please.
Have two processes running which I am unsure of,
MPBTN.EXE
and E_S4IOF2.EXE
Google search takes me to www.pacs-portal website, and a search from there
takes me to computer cops. suggesting a browser hijacker, but the site
search isnt compatible with Netscape 7.1
Have run spybot and adaware nothing showing.
Computer is ssoooo slow and will not allow me to eject a writable disc.
running winxp pro
AMD 1800xp chip
ECS k7s5a m/b
256 meg sdram
Can you assist again please?
Gordon



 
Reply With Quote
 
 
 
 
Mara
Guest
Posts: n/a
 
      02-11-2004
On Wed, 11 Feb 2004 13:00:57 -0000, "Gordon" <grdoon http://www.velocityreviews.com/forums/(E-Mail Removed)>
wrote:

>Hi,
>Can any one assist again please.
>Have two processes running which I am unsure of,
>MPBTN.EXE
>and E_S4IOF2.EXE
>Google search takes me to www.pacs-portal website, and a search from there
>takes me to computer cops. suggesting a browser hijacker, but the site
>search isnt compatible with Netscape 7.1
>Have run spybot and adaware nothing showing.
>Computer is ssoooo slow and will not allow me to eject a writable disc.
>running winxp pro
>AMD 1800xp chip
>ECS k7s5a m/b
>256 meg sdram
>Can you assist again please?
>Gordon


Do you have a file called Q3567836.exe on your system?


--
"... by God I *KNOW* what this network is for, and you can't have it."
-- Russ Allbery, 3/31/98
 
Reply With Quote
 
 
 
 
°Mike°
Guest
Posts: n/a
 
      02-11-2004
The mpbtn.exe file appears to be part of your Blueyonder
package. What does it say if you right click on it and
view the version information in the properties? You should
be able to find it in:
C:\Program Files\blueyonder IST\bin\mpbtn.exe

I can find no information on e_s4iof2.exe. Install HijackThis
and post the contents of your log here.

HijackThis
http://www.tomcoyote.org/hjt/


On Wed, 11 Feb 2004 13:00:57 -0000, in
<6IpWb.6223$(E-Mail Removed)>
"Gordon" <grdoon (E-Mail Removed)> scrawled:

>Hi,
>Can any one assist again please.
>Have two processes running which I am unsure of,
>MPBTN.EXE
>and E_S4IOF2.EXE
>Google search takes me to www.pacs-portal website, and a search from there
>takes me to computer cops. suggesting a browser hijacker, but the site
>search isnt compatible with Netscape 7.1
>Have run spybot and adaware nothing showing.
>Computer is ssoooo slow and will not allow me to eject a writable disc.
>running winxp pro
>AMD 1800xp chip
>ECS k7s5a m/b
>256 meg sdram
>Can you assist again please?
>Gordon
>
>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
Gordon
Guest
Posts: n/a
 
      02-11-2004
Logfile of HijackThis v1.97.7
Scan saved at 19:40:34, on 11/02/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
C:\PROGRA~1\FILTER~1\filtergate.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration
Utility\WlanMonitor.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\LABEL CREATOR\CDLABEL.EXE
C:\Program Files\WinMX\WinMX.exe
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\LABEL CREATOR\CDLABEL.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Gordon\Local Settings\Temp\Temporary Directory 1
for hijackthis1977.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyOverride = 127.0.0.1
N1 - Netscape 4: user_pref("browser.startup.homepage",
"http://home.netscape.com/"); (C:\Program
Files\Netscape\Users\gordonford\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage",
"http://home.netscape.com/"); (C:\Documents and Settings\Gordon\Application
Data\Mozilla\Profiles\default\i60b71qo.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"http://www.google.com/"); (C:\Documents and Settings\Gordon\Application
Data\Mozilla\Profiles\default\i60b71qo.slt\prefs.j s)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Messenger\ycomp.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus
Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [FilterGate] C:\PROGRA~1\FILTER~1\filtergate.exe /ASK
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program
Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program
Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk =
C:\lotus\organize\easyclip.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = C:\Program
Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program
Files\Microtek\ScanWizard 5\ScannerFinder.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2...rus.com/housec
all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.co...B?37754.628576
3889


"°Mike°" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The mpbtn.exe file appears to be part of your Blueyonder
> package. What does it say if you right click on it and
> view the version information in the properties? You should
> be able to find it in:
> C:\Program Files\blueyonder IST\bin\mpbtn.exe
>
> I can find no information on e_s4iof2.exe. Install HijackThis
> and post the contents of your log here.
>
> HijackThis
> http://www.tomcoyote.org/hjt/
>
>
> On Wed, 11 Feb 2004 13:00:57 -0000, in
> <6IpWb.6223$(E-Mail Removed)>
> "Gordon" <grdoon (E-Mail Removed)> scrawled:
>
> >Hi,
> >Can any one assist again please.
> >Have two processes running which I am unsure of,
> >MPBTN.EXE
> >and E_S4IOF2.EXE
> >Google search takes me to www.pacs-portal website, and a search from

there
> >takes me to computer cops. suggesting a browser hijacker, but the site
> >search isnt compatible with Netscape 7.1
> >Have run spybot and adaware nothing showing.
> >Computer is ssoooo slow and will not allow me to eject a writable disc.
> >running winxp pro
> >AMD 1800xp chip
> >ECS k7s5a m/b
> >256 meg sdram
> >Can you assist again please?
> >Gordon
> >
> >

>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html



 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      02-11-2004
On Wed, 11 Feb 2004 19:42:56 -0000, in
<YAvWb.64$(E-Mail Removed)>
"Gordon" <grdoon (E-Mail Removed)> scrawled:

>Logfile of HijackThis v1.97.7


<snip>

>O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
>C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll


Why anybody would want a "Real" BHO installed, is beyond me.


>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
>C:\WINDOWS\System32\NvCpl.dll,NvStartup


If you don't use your Nvidia display properties extensions,
disable this.


>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


Same as above (Virtual Desktop - Nvidia).


>O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]
>C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0 F2.EXE /P30 "EPSON Stylus
>Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"


This is one of the files you were concerned about. It is your
USB printer driver.


>O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe


I do not know what this is (KierNet K9).


>O4 - Global Startup: FlashPath Monitor.lnk = C:\Program
>Files\SmartDisk\FlashPath\sdstat.exe


Battery status for floppy adapter. Not needed.


>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
>Office\Office\OSA9.EXE


Microsoft's notorious Startup Application utility. My advice is
to disable this.


<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
Gordon
Guest
Posts: n/a
 
      02-11-2004
Mike,
The file mpbtn.exe is showing as being in two folders,
Windows prefetch and Blueyonder
Files are different sizes in both paths
properties for the blueyonder file give these details
file type =application
description=motive chorus system tray button
located in crogramme files\blueyonderIST\bin
created 15/12/03
accessed 11/02/04
version info gives 5.0.2.32326
copyright '98 '99'00
build author = administrator on ROPE
Company info=Motive communications.inc
Have run spybot and adaware and Norton antivirus all up to date with
downloads and nothing has appeared on any of them.
Sorry about extended post.
Many thanks for your help
Gordon


 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      02-11-2004
Sorry, I forgot to mention that one. It's a help and support
component from your ISP. Leave it in place. The copy in
the prefetch cache is normal.


On Wed, 11 Feb 2004 20:31:37 -0000, in
<5nwWb.35$(E-Mail Removed)>
"Gordon" <grdoon (E-Mail Removed)> scrawled:

>Mike,
>The file mpbtn.exe is showing as being in two folders,
>Windows prefetch and Blueyonder
>Files are different sizes in both paths
>properties for the blueyonder file give these details
>file type =application
>description=motive chorus system tray button
>located in crogramme files\blueyonderIST\bin
>created 15/12/03
>accessed 11/02/04
>version info gives 5.0.2.32326
>copyright '98 '99'00
>build author = administrator on ROPE
>Company info=Motive communications.inc
>Have run spybot and adaware and Norton antivirus all up to date with
>downloads and nothing has appeared on any of them.
>Sorry about extended post.
>Many thanks for your help
>Gordon
>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
Gordon
Guest
Posts: n/a
 
      02-11-2004
Mike,
Thanks very much for your valued assistance.
Glad to know its nowt sinister.
Will follow your advise on other items.
Best regards
Gordon
P.S if your ever in the West Midlands I owe you a pint of Banks's best

"°Mike°" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Sorry, I forgot to mention that one. It's a help and support
> component from your ISP. Leave it in place. The copy in
> the prefetch cache is normal.
>
>
> On Wed, 11 Feb 2004 20:31:37 -0000, in
> <5nwWb.35$(E-Mail Removed)>
> "Gordon" <grdoon (E-Mail Removed)> scrawled:
>
> >Mike,
> >The file mpbtn.exe is showing as being in two folders,
> >Windows prefetch and Blueyonder
> >Files are different sizes in both paths
> >properties for the blueyonder file give these details
> >file type =application
> >description=motive chorus system tray button
> >located in crogramme files\blueyonderIST\bin
> >created 15/12/03
> >accessed 11/02/04
> >version info gives 5.0.2.32326
> >copyright '98 '99'00
> >build author = administrator on ROPE
> >Company info=Motive communications.inc
> >Have run spybot and adaware and Norton antivirus all up to date with
> >downloads and nothing has appeared on any of them.
> >Sorry about extended post.
> >Many thanks for your help
> >Gordon
> >

>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html



 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      02-11-2004
You're welcome. It's been years since I tasted a pint of Banks'


On Wed, 11 Feb 2004 20:55:21 -0000, in
<QEwWb.83$(E-Mail Removed)>
"Gordon" <grdoon (E-Mail Removed)> scrawled:

>Mike,
>Thanks very much for your valued assistance.
>Glad to know its nowt sinister.
>Will follow your advise on other items.
>Best regards
>Gordon
>P.S if your ever in the West Midlands I owe you a pint of Banks's best


<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
mpbtn ? granville Computer Support 2 07-16-2004 07:35 PM
mpbtn Gordon Computer Support 1 02-11-2004 11:59 PM



Advertisments