PC Keeps Crashing

  1. 01-12-2005  #1
    Harfin
    Harfin is offline Full Member

    PC Keeps Crashing

    Hi

    Please help , I seem to have a problem where my PC has slowed right down and keeps crashing as if something is running in the background. I have also lost the link with my printer (Once I have finalised the problem will re-install drivers)My first thoughts are that there is a bug somewhere. I have scanned with spybot , and ad-aware all is clear.

    Can you tell from the Hijack this file if there is a problem??

    Many thanks

    Harfin
    Attached Files

  3. 01-12-2005  #2
    Neal
    Neal is offline Dedicated Member
    Welcome to DAL,

    Your HJT log isn't showing a whole lot.

    Click scan button and put a check next to these items:

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/198c9252...p/RdxIE601.cab

    Make sure nothing is open but hijackthis and click fix checked.


    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html

    1.Uncheck "Cookies" under "Internet Explorer".

    2.If you are running Firefox: ,then click on the "Applications" tab and uncheck "Cookies" under "Firefox".

    Use the windows tab only please, click run cleaner


    Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  4. 01-12-2005  #3
    Harfin
    Harfin is offline Full Member
    Thanks for the help,

    Please find Ewido Scan report

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 22:14:12, 01/12/2005
    + Report-Checksum: 9EA341E9

    + Scan result:

    C:\Documents and Settings\Deb's\Cookies\deb's@e-2dj6wjmigpcjocp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Deb's\Cookies\deb's@e-2dj6wjmyopcjigo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Nick's\Cookies\nick's@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Nick's\Cookies\nick's@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Nick's\Cookies\nick's@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Nick's\Cookies\nick's@e-2dj6wfkiepcjcgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Nick's\Local Settings\Temporary Internet Files\Content.IE5\GRT3M2ZD\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Program Files\Screensavers.com\Installer\bin\ScreensaversI nst.dll -> Spyware.Comet : Cleaned with backup


    ::Report End

    I have attached a new Hijack this .Note the PC seems alot quicker and hasn't crashed so far

    Thanks

    Harfin
  5. 02-12-2005  #4
    Neal
    Neal is offline Dedicated Member
    Hi,


    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.


    Internet Explorer required
    Run these two online virus scanners (Panda Activescan) following these instructions below:
    http://www.pandasoftware.com/product..._principal.htm


    Internet Explorer required
    Also this excellent(BitDefender) scanner:http://www.bitdefender.com/scan8/ie.html

    Save both logs for me to look at just in case something else is there. These scans will take an hour or more to do.
  6. 05-12-2005  #5
    Harfin
    Harfin is offline Full Member
    Many thanks for your help

    Uninstall list

    Ad-Aware SE Personal
    Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Photoshop Elements
    Adobe Reader 7.0
    Adobe Stock Photos 1.0
    Adobe SVG Viewer
    Advanced RealMedia Export Plug-in for Premiere 6.0
    Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
    Any to Icon
    ArcSoft Panorama Maker 3.0
    ASUS GameFace
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AVG Free Edition
    Azureus
    Barbie(tm) Beach Party
    Bink and Smacker
    broadband medic
    Canon CanoScan Toolbox 4.1
    CanoScan LiDE20,30 Manual
    CCleaner (remove only)
    C-Media WDM Audio Driver
    Corel Paint Shop Pro X
    CutePDF Writer 2.3
    DreamStation DXi2
    eBay Toolbar
    EPSON Logiciel imprimante
    EPSON PhotoQuicker3.5
    ESPR200 Reference Guide
    ESPR200 Software Guide
    ewido security suite
    Google Toolbar for Internet Explorer
    HSP56 MR Drivers
    InterVideo WinDVD 4
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    Java 2 Runtime Environment Standard Edition v1.3.1_04
    LimeWire 4.9.30
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft AntiSpyware
    Microsoft DirectX 9.0 SDK Update (April 2005)
    Microsoft Office Professional Edition 2003
    Microsoft Office Sounds
    Multi-Card Reader & Flash Disk
    Native Instruments - Traktor 1.06
    Nero 6 Ultra Edition
    Nero Digital
    Ofoto Easy Upload ActiveX Control
    OmniPage SE
    Paq PDFtools 2.01
    PhotoNow! 1.0
    PIF DESIGNER2.1
    Pinnacle InstantCD/DVD Suite
    Pocket RAR documentation
    PowerDirector
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Registry First Aid
    RegistryFix v3.0
    Replay Radio 5.2
    Rio Internet Update
    Rio Music Manager
    santaski Screen Saver
    ScanToWeb
    Screensavers Installer
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiSRaidPackage
    SmartSound Quicktracks Plugin
    Spybot - Search & Destroy 1.3
    Spyware Doctor 3.2
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    ViewMate 9.2
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888240
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinRAR archiver
    XP Codec Pack



    Bit Defender report

    BitDefender Online Scanner - Real Time Virus Report



    Generated at: Mon, Dec 05, 2005 - 07:38:08


    --------------------------------------------------------------------------------





    Scan Info



    Scanned Files
    822777

    Infected Files
    0








    Virus Detected



    No virus found.











    --------------------------------------------------------------------------------



    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


    Active Scan report

    Incident Status Location

    Hacktool:HackTool/ExitWin.A Not desinfected C:\Program Files\HijackThis\hijackthis\backups\backup-20050720-231301-460-Reboot.exe


    Regards

    Harfin
  7. 05-12-2005  #6
    Neal
    Neal is offline Dedicated Member
    Everything came out good there. This may not be a virus related issue.




    Please download Webroot SpySweeper from here: SpySweeper

    Click the Free Trial link under to "SpySweeper" to download the program.
    Install it.
    Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Sweep Now on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.

    Paste the contents of the session log you copied into your next reply.
  8. 05-12-2005  #7
    Harfin
    Harfin is offline Full Member
    Thanks for your help

    22:26: | Start of Session, 05 December 2005 |
    22:26: Spy Sweeper started
    22:26: Sweep initiated using definitions version 556
    22:26: Starting Memory Sweep
    22:29: Memory Sweep Complete, Elapsed Time: 00:02:51
    22:29: Starting Registry Sweep
    22:29: Found Adware: cws-aboutblank
    22:29: HKCR\protocols\filter\text/html\ (ID = 114343)
    22:29: HKLM\software\classes\protocols\filter\text/html\ (ID = 115907)
    22:30: Found Adware: screensavers
    22:30: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
    22:30: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140551)
    22:30: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
    22:30: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
    22:30: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
    22:30: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
    22:30: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140556)
    22:30: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
    22:30: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
    22:30: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
    22:30: HKLM\software\classes\screensaversinstaller.instal ler.1\ (3 subtraces) (ID = 140560)
    22:30: HKLM\software\classes\screensaversinstaller.instal ler\ (5 subtraces) (ID = 140561)
    22:30: HKLM\software\classes\screensaversinstaller.sinsta ller.1\ (3 subtraces) (ID = 140562)
    22:30: HKLM\software\classes\screensaversinstaller.sinsta ller.1\clsid\ (1 subtraces) (ID = 140563)
    22:30: HKLM\software\classes\screensaversinstaller.sinsta ller\ (5 subtraces) (ID = 140564)
    22:30: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140565)
    22:30: HKLM\software\microsoft\windows\currentversion\uni nstall\screensaversinstaller\ (2 subtraces) (ID = 140568)
    22:30: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
    22:30: HKCR\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140570)
    22:30: HKCR\screensaversinstaller.installer\ (5 subtraces) (ID = 140571)
    22:30: HKCR\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140572)
    22:30: HKCR\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140573)
    22:30: HKCR\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140574)
    22:30: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140575)
    22:30: Found System Monitor: netnanny chat monitor
    22:30: HKCR\appid\nnsvc.exe\ (1 subtraces) (ID = 595241)
    22:30: HKLM\software\nns\ (3 subtraces) (ID = 595256)
    22:30: HKLM\software\nns\5\ (2 subtraces) (ID = 595257)
    22:30: HKLM\software\nns\5\ || a (ID = 595258)
    22:30: Found Adware: coolwebsearch (cws)
    22:30: HKU\WRSS_Profile_S-1-5-21-2287049075-1129908738-568603185-501\software\microsoft\windows\currentversion\run\ || quicktime task (ID = 112405)
    22:30: HKU\WRSS_Profile_S-1-5-21-2287049075-1129908738-568603185-1009\software\microsoft\windows\currentversion\run \ || quicktime task (ID = 112405)
    22:30: HKU\WRSS_Profile_S-1-5-21-2287049075-1129908738-568603185-1008\software\microsoft\windows\currentversion\run \ || quicktime task (ID = 112405)
    22:30: Registry Sweep Complete, Elapsed Time:00:01:03
    22:30: Starting Cookie Sweep
    22:30: Found Spy Cookie: a cookie
    22:30: deb's@a[1].txt (ID = 2027)
    22:30: Found Spy Cookie: touchclarity cookie
    22:30: deb's@msn.touchclarity[1].txt (ID = 3566)
    22:30: Found Spy Cookie: about cookie
    22:30: nick's@about[2].txt (ID = 2037)
    22:30: Found Spy Cookie: yieldmanager cookie
    22:30: nick's@ad.yieldmanager[1].txt (ID = 3751)
    22:30: nick's@a[1].txt (ID = 2027)
    22:30: nick's@dvr.about[1].txt (ID = 2038)
    22:30: Cookie Sweep Complete, Elapsed Time: 00:00:02
    22:30: Starting File Sweep
    22:31: c:\program files\screensavers.com (8 subtraces) (ID = -2147480365)
    22:40: swpstart.exe (ID = 74759)
    22:41: File Sweep Complete, Elapsed Time: 00:10:51
    22:41: Full Sweep has completed. Elapsed time 00:14:56
    22:41: Traces Found: 227
    22:44: Removal process initiated
    22:45: Quarantining All Traces: cws-aboutblank
    22:45: Quarantining All Traces: netnanny chat monitor
    22:45: Quarantining All Traces: coolwebsearch (cws)
    22:45: Quarantining All Traces: screensavers
    22:45: Quarantining All Traces: a cookie
    22:45: Quarantining All Traces: about cookie
    22:45: Quarantining All Traces: touchclarity cookie
    22:45: Quarantining All Traces: yieldmanager cookie
    22:45: Removal process completed. Elapsed time 00:00:34
    ********
    22 | Start of Session, 05 December 2005 |
    22 Spy Sweeper started
    22:24: Definitions can not be updated because subscription has expired.
    22:26: Processing Startup Alerts
    22:26: Allowed Startup entry: Spy Sweeper Fix.lnk
    22:26: | End of Session, 05 December 2005 |
  9. 06-12-2005  #8
    Neal
    Neal is offline Dedicated Member
    Download http://www.bleepingcomputer.com/files/winpfind.php

    Extract WinPFind.zip to your c:\ folder.

    Reboot your computer into Safe Mode

    Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.


    Please post a new and fresh hijackthis log directly into this thread it just makes it easier to read. Thanks.
  10. 07-12-2005  #9
    Harfin
    Harfin is offline Full Member
    Hi

    Apologies for the delay, I have been trying to run theWinPfind programme in safe mode as soon as I hit start scan my hard disk light goes permanently on . Whithin 3 seconds the computer crashes. I have tried several times and the same thing happens.

    New HJ this log

    Logfile of HijackThis v1.99.1
    Scan saved at 21:48:03, on 07/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM...1/axofupld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...38/mcfscan.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe



    Any Ideas

    Thanks

    Harfin
  11. 07-12-2005  #10
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    That's a shame.

    If you have any screensaver stuff in add/remove program please remove those, most free ones are flagged as adware.

    Might not hurt to remove LimeWire, but probably you paid for it huh? just to see if that could be contributing to crashes.







    1. Please download dllcompare (A scanner to locate hidden DLL files) from this locations:
    DLLCompare
    2. When you execute dllcompare.exe, by default the c:\windows\system32 is selected. This can be changed to scan you entire computer for any file type - Simply select the path and check off the box labelled "Include SubDirectories"
    3. Click on "Locate.com" and allow the scan to complete.
    4. After the scan has finished click on "Compare" to scan for the files that Windows does not see. This step will take a few minutes to run.
    5. If the box at the bottom of the screen contains any files, these are the ones that are hidden - Click on "Make a Log of what was Found".
    6. When prompted to "View Log File" click on "Yes".
    7. Notepad will open with the log file contents.
    8. In Notepad, click on "Edit" => "Select All" => "Edit" = "Copy" and post the contents as a reply to this message.

    Thanks.


    Please download SilentRunners from here:
    http://www.silentrunners.org/Silent%20Runners.zip
    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.




    * Download finditnt2000xp.zip
    * Unzip the contents of finditnt2000xp.zip to a convenient location.
    * Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
    * A command prompt will open and it will search your computer for malicious files.
    * Once it has finished a Notepad window will pop up with output.txt.
    * Copy the entire contents of output.txt into your next post.
    * DON'T delete/modify any files yet
+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
« Please help | IEXPLORE.EXE terminates runtime in unusual way »