Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows XP - System Crash


  • Please log in to reply

#1
bazzala

bazzala

    Member

  • Member
  • PipPip
  • 57 posts
Can anyone help?

My system keeps crashing shorlty after boot up. I suspect it is due to some spyware infection, but can't get as far as running any spyware programs (as on your help page) before it crashes.

The egg timer is on when I hover over the task bar, I can CTRL ALT Del to shut the ststem down, and under processes, I seem to have a lot running, but am nervous about ending any, but can't do much else.

Any ideas

Thanks
  • 0

Advertisements


#2
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0

#3
bazzala

bazzala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Hi,

Thanks for this. Unfortunatley my machine seems to crash everytime I try to either dowload or run one of the spyware programs, I got as far as As Aware but it shut down my system during SpyBot S&D, its just crashing whatever I' doing.

Is there anything else I can try?

Cheers
  • 0

#4
emery

emery

    Member

  • Member
  • PipPipPip
  • 583 posts
you could try scanning your machine in safe mode. press f8 on startup and choose safe mode.
  • 0

#5
bazzala

bazzala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I'm in safe mode and trying to run spybot but it taking an age - don't know whether this is because it's insafe mode or just my system?

Would doing a system restore help? How do I do that?
  • 0

#6
happyrock

happyrock

    Tech Moderator

  • Retired Staff
  • 9,285 posts
using system restore will NOT get rid of malware...let the tools run in safe mode..depending on how much crud you have on your computer it can take a hour or more to run...let it work
  • 0

#7
bazzala

bazzala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OK, I've finally managed to get through the info on the help page - system seems to be working a lot better, but I had to disable some of the start up programs under msconfig first, anyway I'm back in normal boot mode now and have a hijack this log.

Ewido would not do a complete system scan - it crashed and closed saying something bad had happened to the system, also Spybot could not delete all the infections it found - said it would try on re-boot but the same thing happened.

Anyway here's the log: Can anyone tell me if it'sfixed:

Logfile of HijackThis v1.99.1
Scan saved at 19:35:23, on 21/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\STDSB.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Spyware Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rovers.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rovers.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: ³¬¼¶²¥°Ô.lnk = C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStarter.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: DigiChat Applet - http://albany.digi-n..._IE_5_1_0_1.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.uclan.ac....mote/wfica2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132868060257
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132868037663
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B94ABD3-6073-459D-9F40-D648AE9F0931}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{881D92B9-18F0-4455-9862-333F14C0BD20}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCF598B-0688-473E-A12D-CA33FACF7006}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{C000CFF9-2FFF-49D3-BFD4-1702D4DF0CC6}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC8E6EFC-8057-4ACF-8ACB-704A4C05D5F9}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3E62675-1C86-45FE-B904-AEDBF003CFB8}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{D81913BD-C2D2-4D65-B73A-594593E34BB0}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: QcDrv - {5BA8B856-815E-ADC7-E407-3966FBF50D8F} - c:\program files\common files\logitech\qcdrv\bin\winirco32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  • 0

#8
Guest_rushin1nd_*

Guest_rushin1nd_*
  • Guest
[attachment=9787:attachment]all of 017 is spyware and you should remove it but you should go to malware forum cause you are definitely infected......



look up ur infections here and take out the ones you can see


http://www.hijackrem...entSpyware.aspx


this is also located at the site...see attach
  • 0

#9
Guest_rushin1nd_*

Guest_rushin1nd_*
  • Guest
Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

you also have that in your system get rid of toolbar and radio

you are seriosly infected and go to malware forum they can help


more info on your toolbar and radio




http://www.hijackrem...eDetail570.aspx


use the hijack program to fix the above mentioned problems hopefully it will allow you enough time to run the malware program they have in the forum.............scan your hijack program ...put a check in 3 and all the 17 .....click fix.......go to malware forum run their program and put post in the malware forum.....GOOOOD LUCK

Edited by rushin1nd, 21 July 2006 - 10:37 PM.

  • 0

#10
bazzala

bazzala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Cheers for this - I've deleted the ones you said, and checked on that list and deleted a few others, andnow posted a new log in the hijack this forum.

Cheers
  • 0

#11
Guest_rushin1nd_*

Guest_rushin1nd_*
  • Guest
let me know how it works out for you
  • 0

#12
bazzala

bazzala

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I will do,

Do you know how to get a quicker reply, i posted on the hijack this forum n haven't had a reply yet? Postedon 22nd
  • 0

#13
Guest_rushin1nd_*

Guest_rushin1nd_*
  • Guest
it does take a while in the malware forum

so for a quick reply that remain to seen just be patient

some will answer to you
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP