Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

media files crashing


  • Please log in to reply

#1
spankyxl

spankyxl

    New Member

  • Member
  • Pip
  • 1 posts
;)
every time i try to run a media file explorer crashes and dr watson closes down i have to go into CTRL ALT DEL and close down the process tree. what can i do to stop this as roxio dvd builder is also being affected and closes down if i preview or even burn the media file

i have done a spyware scan with noadware v3 which got rid of quite a bit of crap and also tried norton scans with no affect to this issue, yet process now seems faster.

here is a hijactthis log to help anyone willing to help me.

Logfile of HijackThis v1.99.0
Scan saved at 14:09:11, on 30/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
c:\windows\system32\dllcache\win32\winlogon.exe
c:\windows\system32\dllcache\win32\winlogon.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\dllcache\win32\csrss.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\LMU.exe
C:\DOCUME~1\ROBHIL~1\LOCALS~1\Temp\searchbarcash.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Documents and Settings\Rob Hillary\Application Data\ibrd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\w?aclt.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\eXeem\eXeem.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
D:\Downloaded Media Files\Software Downloads\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.looksm...h?pi=lstb2&tv=1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.web--sear...php?uninstaller
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {C6744345-DDA5-8807-823D-FA4DF6D32EC3} - C:\WINDOWS\system32\dxeq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [mswspl] C:\DOCUME~1\ROBHIL~1\LOCALS~1\Temp\searchbarcash.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Surs] C:\Documents and Settings\Rob Hillary\Application Data\ibrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tepw] C:\WINDOWS\system32\w?aclt.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {98296527-3BF1-44B8-A3A5-FA9848DA5C40} - http://www.medion.co.uk (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3189460D-81EA-448E-B233-822ABB6FEDE6}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{39508F13-5F99-457F-A23A-6EE4C26A9717}: NameServer = 195.93.50.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{3189460D-81EA-448E-B233-822ABB6FEDE6}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NTLOAD - Unknown - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


cheers and hope to hear solution soon.

spanky
:tazz:
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Hi there,
Please set your system to show all files; see here for how to do this if you're unsure.

The following are mandatory fixes:
Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following processes:

c:\windows\system32\dllcache\win32\winlogon.exe
c:\windows\system32\dllcache\win32\winlogon.exe
c:\windows\system32\dllcache\win32\csrss.exe
C:\WINDOWS\LMU.exe
C:\DOCUME~1\ROBHIL~1\LOCALS~1\Temp\searchbarcash.exe
C:\Documents and Settings\Rob Hillary\Application Data\ibrd.exe
C:\WINDOWS\system32\w?aclt.exe


Exit the Task Manager when finished

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.looksm...h?pi=lstb2&tv=1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.web--sear...php?uninstaller
O2 - BHO: (no name) - {C6744345-DDA5-8807-823D-FA4DF6D32EC3} - C:\WINDOWS\system32\dxeq.dll
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [mswspl] C:\DOCUME~1\ROBHIL~1\LOCALS~1\Temp\searchbarcash.exe
O4 - HKCU\..\Run: [Surs] C:\Documents and Settings\Rob Hillary\Application Data\ibrd.exe
O4 - HKCU\..\Run: [Tepw] C:\WINDOWS\system32\w?aclt.exe
O23 - Service: NTLOAD - Unknown - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown - c:\windows\system32\dllcache\win32\winlogon.exe


Click on Fix Checked and exit HijackThis.

Reboot into Safe Mode: see here if you don't know how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

c:\windows\system32\dllcache\win32\winlogon.exe
c:\windows\system32\dllcache\win32\csrss.exe
C:\WINDOWS\LMU.exe
C:\DOCUME~1\ROBHIL~1\LOCALS~1\Temp\searchbarcash.exe
C:\Documents and Settings\Rob Hillary\Application Data\ibrd.exe
C:\WINDOWS\system32\w?aclt.exe
C:\WINDOWS\system32\dxeq.dll


Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we'll take another look.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP