mpbtn

Discussion in 'Computer Support' started by Gordon, Feb 11, 2004.

  1. Gordon

    Gordon Guest

    Hi,
    Can any one assist again please.
    Have two processes running which I am unsure of,
    MPBTN.EXE
    and E_S4IOF2.EXE
    Google search takes me to www.pacs-portal website, and a search from there
    takes me to computer cops. suggesting a browser hijacker, but the site
    search isnt compatible with Netscape 7.1
    Have run spybot and adaware nothing showing.
    Computer is ssoooo slow and will not allow me to eject a writable disc.
    running winxp pro
    AMD 1800xp chip
    ECS k7s5a m/b
    256 meg sdram
    Can you assist again please?
    Gordon
     
    Gordon, Feb 11, 2004
    #1
    1. Advertising

  2. Gordon

    Mara Guest

    On Wed, 11 Feb 2004 13:00:57 -0000, "Gordon" <grdoon >
    wrote:

    >Hi,
    >Can any one assist again please.
    >Have two processes running which I am unsure of,
    >MPBTN.EXE
    >and E_S4IOF2.EXE
    >Google search takes me to www.pacs-portal website, and a search from there
    >takes me to computer cops. suggesting a browser hijacker, but the site
    >search isnt compatible with Netscape 7.1
    >Have run spybot and adaware nothing showing.
    >Computer is ssoooo slow and will not allow me to eject a writable disc.
    >running winxp pro
    >AMD 1800xp chip
    >ECS k7s5a m/b
    >256 meg sdram
    >Can you assist again please?
    >Gordon


    Do you have a file called Q3567836.exe on your system?


    --
    "... by God I *KNOW* what this network is for, and you can't have it."
    -- Russ Allbery, 3/31/98
     
    Mara, Feb 11, 2004
    #2
    1. Advertising

  3. Gordon

    °Mike° Guest

    The mpbtn.exe file appears to be part of your Blueyonder
    package. What does it say if you right click on it and
    view the version information in the properties? You should
    be able to find it in:
    C:\Program Files\blueyonder IST\bin\mpbtn.exe

    I can find no information on e_s4iof2.exe. Install HijackThis
    and post the contents of your log here.

    HijackThis
    http://www.tomcoyote.org/hjt/


    On Wed, 11 Feb 2004 13:00:57 -0000, in
    <6IpWb.6223$>
    "Gordon" <grdoon > scrawled:

    >Hi,
    >Can any one assist again please.
    >Have two processes running which I am unsure of,
    >MPBTN.EXE
    >and E_S4IOF2.EXE
    >Google search takes me to www.pacs-portal website, and a search from there
    >takes me to computer cops. suggesting a browser hijacker, but the site
    >search isnt compatible with Netscape 7.1
    >Have run spybot and adaware nothing showing.
    >Computer is ssoooo slow and will not allow me to eject a writable disc.
    >running winxp pro
    >AMD 1800xp chip
    >ECS k7s5a m/b
    >256 meg sdram
    >Can you assist again please?
    >Gordon
    >
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Feb 11, 2004
    #3
  4. Gordon

    Gordon Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 19:40:34, on 11/02/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\NILaunch.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\PROGRA~1\FILTER~1\filtergate.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\lotus\organize\easyclip.exe
    C:\lotus\smartctr\smartctr.exe
    C:\lotus\smartctr\suitest.exe
    C:\Program Files\NETGEAR\MA101 USB Adapter Configuration
    Utility\WlanMonitor.exe
    C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
    C:\Program Files\KeirNet\K9\K9.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\LABEL CREATOR\CDLABEL.EXE
    C:\Program Files\WinMX\WinMX.exe
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\LABEL CREATOR\CDLABEL.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Gordon\Local Settings\Temp\Temporary Directory 1
    for hijackthis1977.zip\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://home.netscape.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://home.netscape.com/home/winsearch.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = 127.0.0.1
    N1 - Netscape 4: user_pref("browser.startup.homepage",
    "http://home.netscape.com/"); (C:\Program
    Files\Netscape\Users\gordonford\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://home.netscape.com/"); (C:\Documents and Settings\Gordon\Application
    Data\Mozilla\Profiles\default\i60b71qo.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "http://www.google.com/"); (C:\Documents and Settings\Gordon\Application
    Data\Mozilla\Profiles\default\i60b71qo.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Messenger\ycomp.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
    C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Messenger\ycomp.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator
    5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
    2\MsgPlus.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus
    Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [FilterGate] C:\PROGRA~1\FILTER~1\filtergate.exe /ASK
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager]
    C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
    2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
    /background
    O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program
    Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program
    Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Lotus Organizer EasyClip.lnk =
    C:\lotus\organize\easyclip.exe
    O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
    O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Global Startup: MA101 Configuration Utility .lnk = C:\Program
    Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program
    Files\Microtek\ScanWizard 5\ScannerFinder.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housec
    all/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37754.628576
    3889


    "°Mike°" <> wrote in message
    news:...
    > The mpbtn.exe file appears to be part of your Blueyonder
    > package. What does it say if you right click on it and
    > view the version information in the properties? You should
    > be able to find it in:
    > C:\Program Files\blueyonder IST\bin\mpbtn.exe
    >
    > I can find no information on e_s4iof2.exe. Install HijackThis
    > and post the contents of your log here.
    >
    > HijackThis
    > http://www.tomcoyote.org/hjt/
    >
    >
    > On Wed, 11 Feb 2004 13:00:57 -0000, in
    > <6IpWb.6223$>
    > "Gordon" <grdoon > scrawled:
    >
    > >Hi,
    > >Can any one assist again please.
    > >Have two processes running which I am unsure of,
    > >MPBTN.EXE
    > >and E_S4IOF2.EXE
    > >Google search takes me to www.pacs-portal website, and a search from

    there
    > >takes me to computer cops. suggesting a browser hijacker, but the site
    > >search isnt compatible with Netscape 7.1
    > >Have run spybot and adaware nothing showing.
    > >Computer is ssoooo slow and will not allow me to eject a writable disc.
    > >running winxp pro
    > >AMD 1800xp chip
    > >ECS k7s5a m/b
    > >256 meg sdram
    > >Can you assist again please?
    > >Gordon
    > >
    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Gordon, Feb 11, 2004
    #4
  5. Gordon

    °Mike° Guest

    On Wed, 11 Feb 2004 19:42:56 -0000, in
    <YAvWb.64$>
    "Gordon" <grdoon > scrawled:

    >Logfile of HijackThis v1.97.7


    <snip>

    >O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
    >C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll


    Why anybody would want a "Real" BHO installed, is beyond me.


    >O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    >C:\WINDOWS\System32\NvCpl.dll,NvStartup


    If you don't use your Nvidia display properties extensions,
    disable this.


    >O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


    Same as above (Virtual Desktop - Nvidia).


    >O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]
    >C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus
    >Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"


    This is one of the files you were concerned about. It is your
    USB printer driver.


    >O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe


    I do not know what this is (KierNet K9).


    >O4 - Global Startup: FlashPath Monitor.lnk = C:\Program
    >Files\SmartDisk\FlashPath\sdstat.exe


    Battery status for floppy adapter. Not needed.


    >O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    >Office\Office\OSA9.EXE


    Microsoft's notorious Startup Application utility. My advice is
    to disable this.


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Feb 11, 2004
    #5
  6. Gordon

    Gordon Guest

    Mike,
    The file mpbtn.exe is showing as being in two folders,
    Windows prefetch and Blueyonder
    Files are different sizes in both paths
    properties for the blueyonder file give these details
    file type =application
    description=motive chorus system tray button
    located in c:programme files\blueyonderIST\bin
    created 15/12/03
    accessed 11/02/04
    version info gives 5.0.2.32326
    copyright '98 '99'00
    build author = administrator on ROPE
    Company info=Motive communications.inc
    Have run spybot and adaware and Norton antivirus all up to date with
    downloads and nothing has appeared on any of them.
    Sorry about extended post.
    Many thanks for your help
    Gordon
     
    Gordon, Feb 11, 2004
    #6
  7. Gordon

    °Mike° Guest

    Sorry, I forgot to mention that one. It's a help and support
    component from your ISP. Leave it in place. The copy in
    the prefetch cache is normal.


    On Wed, 11 Feb 2004 20:31:37 -0000, in
    <5nwWb.35$>
    "Gordon" <grdoon > scrawled:

    >Mike,
    >The file mpbtn.exe is showing as being in two folders,
    >Windows prefetch and Blueyonder
    >Files are different sizes in both paths
    >properties for the blueyonder file give these details
    >file type =application
    >description=motive chorus system tray button
    >located in c:programme files\blueyonderIST\bin
    >created 15/12/03
    >accessed 11/02/04
    >version info gives 5.0.2.32326
    >copyright '98 '99'00
    >build author = administrator on ROPE
    >Company info=Motive communications.inc
    >Have run spybot and adaware and Norton antivirus all up to date with
    >downloads and nothing has appeared on any of them.
    >Sorry about extended post.
    >Many thanks for your help
    >Gordon
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Feb 11, 2004
    #7
  8. Gordon

    Gordon Guest

    Mike,
    Thanks very much for your valued assistance.
    Glad to know its nowt sinister.
    Will follow your advise on other items.
    Best regards
    Gordon
    P.S if your ever in the West Midlands I owe you a pint of Banks's best

    "°Mike°" <> wrote in message
    news:...
    > Sorry, I forgot to mention that one. It's a help and support
    > component from your ISP. Leave it in place. The copy in
    > the prefetch cache is normal.
    >
    >
    > On Wed, 11 Feb 2004 20:31:37 -0000, in
    > <5nwWb.35$>
    > "Gordon" <grdoon > scrawled:
    >
    > >Mike,
    > >The file mpbtn.exe is showing as being in two folders,
    > >Windows prefetch and Blueyonder
    > >Files are different sizes in both paths
    > >properties for the blueyonder file give these details
    > >file type =application
    > >description=motive chorus system tray button
    > >located in c:programme files\blueyonderIST\bin
    > >created 15/12/03
    > >accessed 11/02/04
    > >version info gives 5.0.2.32326
    > >copyright '98 '99'00
    > >build author = administrator on ROPE
    > >Company info=Motive communications.inc
    > >Have run spybot and adaware and Norton antivirus all up to date with
    > >downloads and nothing has appeared on any of them.
    > >Sorry about extended post.
    > >Many thanks for your help
    > >Gordon
    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Gordon, Feb 11, 2004
    #8
  9. Gordon

    °Mike° Guest

    You're welcome. It's been years since I tasted a pint of Banks' :)


    On Wed, 11 Feb 2004 20:55:21 -0000, in
    <QEwWb.83$>
    "Gordon" <grdoon > scrawled:

    >Mike,
    >Thanks very much for your valued assistance.
    >Glad to know its nowt sinister.
    >Will follow your advise on other items.
    >Best regards
    >Gordon
    >P.S if your ever in the West Midlands I owe you a pint of Banks's best


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Feb 11, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gordon

    mpbtn

    Gordon, Feb 11, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    585
  2. granville

    mpbtn ?

    granville, Jul 16, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    630
    Norman Miller
    Jul 16, 2004
Loading...

Share This Page