Computer crash after start up [RESOLVED]



#1
marqis

Computer stops responding after startup. All desktop icons appear and then disappear before disappearing permanently. CTRL + ALT + DEL brings up the task manager and there are no tasks running and the computer is running at 15% or so on the usage. I have attached the HijackThis log from a scan on the computer.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:47:38 PM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8YGIW4YA\HiJackThis_v2[1].exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1BGPOYBC\cwshredder[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: (no name) - {1EE59779-60C1-42C4-9ED2-D6DC5BB7CF74} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O2 - BHO: (no name) - {59D52705-0EDD-480D-8870-BEC5F59F0754} - C:\Program Files\ComPlus Applications\sitywahir89104.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [win32094201777091] C:\WINDOWS\win32094201777091.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{7844BDA2-0A63-1033-1202-030512200001}] "C:\Program Files\Common Files\{7844BDA2-0A63-1033-1202-030512200001}\Update.exe" mc-110-12-0001032
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179274634421
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn....nnerInstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...1.10/ttinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe


#2
RatHat

Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now you will need to download Hijackthis as the version you have is out of date, so please follow the guidelines below:
  • Click here to download HijackThis.exe
  • Save HijackThis.exe to your desktop.
  • Double-click on the HijackThis.exe icon on your desktop.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to follow the rest of the prompts from there


Now open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: (no name) - {1EE59779-60C1-42C4-9ED2-D6DC5BB7CF74} - C:\WINDOWS\system32\mllml.dll (file missing)
O4 - HKLM\..\Run: [win32094201777091] C:\WINDOWS\win32094201777091.exe
O4 - HKCU\..\Policies\Explorer\Run: [{7844BDA2-0A63-1033-1202-030512200001}] "C:\Program Files\Common Files\{7844BDA2-0A63-1033-1202-030512200001}\Update.exe" mc-110-12-0001032
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn....nnerInstall.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot your computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download VundoFix from Here to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in your root drive, usually C:\Deckard\System Scanner\

So in your next reply, please include:
  • The Vundofix log
  • The DSS Main.txt
  • The DSS Extra.txt

Regards,
RatHat
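
A first-pass triage of a HijackThis log can be scripted before a human reviews it. The following is an added example, not part of the original posts and not the helper's own method: the heuristics and the names `triage` and `flag_entries` are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Autorun target directly under C:\WINDOWS whose file name carries a long digit run.
DIGIT_EXE_RE = re.compile(r'\] "?C:\\WINDOWS\\[^\\]*\d{6,}[^\\]*\.exe', re.I)

# Sample lines copied from the log posted in this thread (a subset, for the example).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE59779-60C1-42C4-9ED2-D6DC5BB7CF74} - C:\WINDOWS\system32\mllml.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [win32094201777091] C:\WINDOWS\win32094201777091.exe
O4 - HKCU\..\Policies\Explorer\Run: [{7844BDA2-0A63-1033-1202-030512200001}] "C:\Program Files\Common Files\{7844BDA2-0A63-1033-1202-030512200001}\Update.exe" mc-110-12-0001032
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""


def triage(line):
    """Return (section, reasons) for one entry line, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # headers, blank lines and the running-process list
    section, body = m.group("section"), m.group("body")
    reasons = []  # assumed heuristics: each one is a prompt for review, not a verdict
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO")
    if section == "O4" and "\\Policies\\Explorer\\Run:" in body:
        reasons.append("policy-based autorun key")
    if section == "O4" and DIGIT_EXE_RE.search(body):
        reasons.append("digit-named exe in Windows root")
    if section == "O16" and body.endswith("-"):
        reasons.append("ActiveX entry with no source URL")
    return section, reasons


def flag_entries(log_text):
    """Return [(line, reasons)] for every entry that trips at least one heuristic."""
    results = ((raw.strip(), triage(raw)) for raw in log_text.splitlines())
    return [(line, r[1]) for line, r in results if r and r[1]]


if __name__ == "__main__":
    for line, reasons in flag_entries(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```

A flag only means "look closer": the xpnetdiag.exe entry is marked (file missing) in the posted log but is not among the entries listed to fix above.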

#3
marqis

As I was waiting for your response I downloaded AG virus scan and did some scans, and I disabled some things in MS config from starting up, thinking that it was the virus that was loading itself causing it to stop responding. It looked good for like 30 mins or so; however, when it restarted it gave me a BSoD. Now I can't get past it. The stop code is OXC0000007E (OXC0000005, OC805C607B, OCF96791E8, OXF9678EE4). I have done some searching and I know that it could be a driver; however, I do not know what to do to get past the BSoD, and I don't want to have to reformat the HDD. PLEASE HELP...
Thank you for reading.

#4
RatHat

Can you get into Safe Mode?

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Choose Safe Mode with Networking, and see if the system starts up.

Let me know here, how it goes. By the way, are you using another computer to access this site?

Regards,
RatHat

#5
marqis

I should have been more specific the last time I posted. I have tried to log in, in safe mode; however, I get the same BSoD. I have logged in under the last good configuration; however, I get a black screen and no GUI. When I CTRL+ALT+DEL I get no response. I am at a loss at this point. PLEASE HELP. I am using another computer. The computer with the BSoD is my friend's and she is going to think that it's my fault that it's that way. She was having some problems with it so I told her I would take a look at it. I am losing brownie points with the BSoD :)

Edited by marqis, 16 March 2008 - 10:31 PM.


#6
RatHat

Bear with me for a while OK, I am asking some of the tech people here if there is anything we can do about this.

I reckon you might have to start thinking about a very large bunch of flowers though! :)

Regards,
RatHat

#7
marqis

If all else fails, I should be able to reformat the HDD and start her off fresh, correct? :)

#8
RatHat

Yes, if all else fails. Give me a bit of time to get an answer back from the Techies though, then maybe we will be able to save it.

#9
marqis

Sure, I appreciate all of the help thus far. I feel a little better knowing that I have some support.

#10
marqis

Please stop in and let me know when it's time to throw in the towel, or when you think you might be able to give me some more info. I will be checking back in every few hours.


#11
RatHat

Unfortunately I have yet to get a reply to my query about your problem from the Tech Staff.

Have you tried Last Good Configuration?

#12
marqis

Yes, and when I did, it loaded to a black screen with the cursor. I can move the cursor with a response; however, there was no GUI, and when I CTRL+ALT+DEL there was no response.

#13
RatHat

Has your friend got any important files that she wants to keep?

#14
marqis

Yes, but she has given me the green light to REFORMAT if needed. She said anything will beat buying a new PC.

#15
RatHat

Well I have still not heard anything back, and am doubtful of anything helpful.

It might be time to try a repair install. Have a look at this post to see how to go about it. At least you should then be able to recover her files to a CD, then carry out a full reformat.

Make sure you install a good free AV and Firewall before copying her files back so you can be fairly sure you don't copy any infections over.

Here's a good AV and Firewall to install:

avast! 4 Home Edition an excellent free AV
Comodo is a free fully functional firewall

Let me know how things go.