Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Seen To Have Psw.x-vir And Webcry


  • Please log in to reply
12 replies to this topic

#1 kim661

kim661

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MT
  • Local time:09:27 PM

Posted 05 January 2008 - 03:34 PM

I get on the pc this this morning after my son was on late last night. And it is acting crazy. Seems to have PSW.x-vir trojan and webcry is everywhere. What do I do to get rid of this??? Please help. Thank you!!!

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 05 January 2008 - 05:10 PM

If your using Win XP or 2000, Please print out and follow the generic instructions for using "SmitfraudFix".
If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

Next, follow the the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 kim661

kim661
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MT
  • Local time:09:27 PM

Posted 05 January 2008 - 05:30 PM

SmitFraudFix v2.274

Scan done at 14:29:05.89, Sat 01/05/2008
Run from C:\Documents and Settings\ip\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:27 PM

Posted 05 January 2008 - 11:04 PM

DO you have the Superantispyware scan?
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 kim661

kim661
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MT
  • Local time:09:27 PM

Posted 05 January 2008 - 11:14 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/05/2008 at 02:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3374
Trace Rules Database Version: 1369

Scan type : Quick Scan
Total Scan Time : 00:15:03

Memory items scanned : 426
Memory threats detected : 3
Registry items scanned : 602
Registry threats detected : 65
File items scanned : 10036
File threats detected : 237

Adware.E404 Helper/Variant
C:\PROGRAM FILES\HELPER\TURBOSEARCHSITE.DLL
C:\PROGRAM FILES\HELPER\TURBOSEARCHSITE.DLL

Trojan.Media-Codec/V4
C:\PROGRAM FILES\VIDEO ADD-ON\ICTMDL.DLL
C:\PROGRAM FILES\VIDEO ADD-ON\ICTMDL.DLL
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMDL.DLL
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMDL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}
HKCR\CLSID\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}
HKCR\CLSID\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}#xxx
HKCR\CLSID\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}\InprocServer32
HKCR\CLSID\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{F2BADA0D-FD61-45EF-A994-64A073FD6613}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\Implemented Categories
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\InprocServer32
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\Video Add-on\icthis.exe ]
C:\Program Files\Video Add-on\ictun.exe
C:\Program Files\Video Add-on\icun.exe
C:\Program Files\Video Add-on\isfun.exe
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\Video Add-on
HKU\S-1-5-21-57989841-1532298954-725345543-1003\Software\Online Add-on
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString

Adware.E404 Helper/Hij
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32#ThreadingModel
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\ProgID
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\Programmable
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\TypeLib
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\VersionIndependentProgID
HKCR\E404.e404mgr
HKCR\E404.e404mgr\CLSID
HKCR\E404.e404mgr\CurVer
HKCR\E404.e404mgr.1
HKCR\E404.e404mgr.1\CLSID
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{e31f5c72-8e0d-4921-8375-9573746c170c}
C:\WINDOWS\SYSTEM32\EZZHJMT.DLL

Adware.Tracking Cookie
C:\Documents and Settings\ip\Cookies\ip@adopt.specificclick[3].txt
C:\Documents and Settings\ip\Cookies\ip@www.burstbeacon[1].txt
C:\Documents and Settings\ip\Cookies\ip@charmingshoppes.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjnychazmep.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@partner2profit[2].txt
C:\Documents and Settings\ip\Cookies\ip@cbrichardellis.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@specificclick[3].txt
C:\Documents and Settings\ip\Cookies\ip@roiservice[1].txt
C:\Documents and Settings\ip\Cookies\ip@adserver.easyad[1].txt
C:\Documents and Settings\ip\Cookies\ip@gcc-08.googleadservices[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjnywhajmbp.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjkyggdzobp.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjnychc5kko.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@realmedia[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.clickmanage[2].txt
C:\Documents and Settings\ip\Cookies\ip@counter13.sextracker[1].txt
C:\Documents and Settings\ip\Cookies\ip@bs.serving-sys[2].txt
C:\Documents and Settings\ip\Cookies\ip@tribalfusion[3].txt
C:\Documents and Settings\ip\Cookies\ip@bluestreak[1].txt
C:\Documents and Settings\ip\Cookies\ip@statse.webtrendslive[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.googleadservices[5].txt
C:\Documents and Settings\ip\Cookies\ip@stopzilla[1].txt
C:\Documents and Settings\ip\Cookies\ip@adinterax[1].txt
C:\Documents and Settings\ip\Cookies\ip@ads.monster[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wfkiepazkfo.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@ad.outerinfoads[1].txt
C:\Documents and Settings\ip\Cookies\ip@zango[6].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wgmioodjglo.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@overture[2].txt
C:\Documents and Settings\ip\Cookies\ip@ads.realtechnetwork[4].txt
C:\Documents and Settings\ip\Cookies\ip@hosted.zango[1].txt
C:\Documents and Settings\ip\Cookies\ip@freecodesource.advertserve[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.virusranger[1].txt
C:\Documents and Settings\ip\Cookies\ip@zedo[2].txt
C:\Documents and Settings\ip\Cookies\ip@ehg-nestleusainc.hitbox[2].txt
C:\Documents and Settings\ip\Cookies\ip@ads.pointroll[2].txt
C:\Documents and Settings\ip\Cookies\ip@media.adrevolver[2].txt
C:\Documents and Settings\ip\Cookies\ip@media6degrees[2].txt
C:\Documents and Settings\ip\Cookies\ip@eb.adbureau[1].txt
C:\Documents and Settings\ip\Cookies\ip@questionmarket[2].txt
C:\Documents and Settings\ip\Cookies\ip@adlegend[1].txt
C:\Documents and Settings\ip\Cookies\ip@view.atdmt[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.zango[2].txt
C:\Documents and Settings\ip\Cookies\ip@serving-sys[1].txt
C:\Documents and Settings\ip\Cookies\ip@hitbox[2].txt
C:\Documents and Settings\ip\Cookies\ip@focalex[2].txt
C:\Documents and Settings\ip\Cookies\ip@trafficmp[2].txt
C:\Documents and Settings\ip\Cookies\ip@livenation.122.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@ads.realtechnetwork[2].txt
C:\Documents and Settings\ip\Cookies\ip@ads.addynamix[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wflialczkgq.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.googleadservices[1].txt
C:\Documents and Settings\ip\Cookies\ip@atdmt[2].txt
C:\Documents and Settings\ip\Cookies\ip@int.sitestat[2].txt
C:\Documents and Settings\ip\Cookies\ip@ads.adbrite[2].txt
C:\Documents and Settings\ip\Cookies\ip@precisionclick[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjnyqiczwao.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@edge.ru4[2].txt
C:\Documents and Settings\ip\Cookies\ip@coolsavings[1].txt
C:\Documents and Settings\ip\Cookies\ip@tradedoubler[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wfkiclazehq.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjliwhd5ghq.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@advertising[2].txt
C:\Documents and Settings\ip\Cookies\ip@mywebsearch[2].txt
C:\Documents and Settings\ip\Cookies\ip@ehg-gatehousemedia.hitbox[2].txt
C:\Documents and Settings\ip\Cookies\ip@adopt.euroclick[3].txt
C:\Documents and Settings\ip\Cookies\ip@ehg-mccormick.hitbox[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.burstnet[2].txt
C:\Documents and Settings\ip\Cookies\ip@richmedia.yahoo[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6whmycjcpibo.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@tacoda[3].txt
C:\Documents and Settings\ip\Cookies\ip@buycom.122.2o7[2].txt
C:\Documents and Settings\ip\Cookies\ip@int.sitestat[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjnygjcpsho.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wfmiomajghp.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@burstnet[1].txt
C:\Documents and Settings\ip\Cookies\ip@toseeka[1].txt
C:\Documents and Settings\ip\Cookies\ip@casalemedia[2].txt
C:\Documents and Settings\ip\Cookies\ip@educationconnection.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@ehg-tigerdirect2.hitbox[2].txt
C:\Documents and Settings\ip\Cookies\ip@bizrate[1].txt
C:\Documents and Settings\ip\Cookies\ip@reduxads.valuead[2].txt
C:\Documents and Settings\ip\Cookies\ip@mobileentertainment.directtrack[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wakigidpigo.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@gcc-00.googleadservices[1].txt
C:\Documents and Settings\ip\Cookies\ip@tremor.adbureau[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wblyqkcpodo.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@apmebf[2].txt
C:\Documents and Settings\ip\Cookies\ip@ehg-mbm.hitbox[2].txt
C:\Documents and Settings\ip\Cookies\ip@xxxblackbook[2].txt
C:\Documents and Settings\ip\Cookies\ip@publishers.clickbooth[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.thesexblog[2].txt
C:\Documents and Settings\ip\Cookies\ip@image.masterstats[1].txt
C:\Documents and Settings\ip\Cookies\ip@ad.yieldmanager[3].txt
C:\Documents and Settings\ip\Cookies\ip@revsci[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjk4kldpabq.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@screensavers[2].txt
C:\Documents and Settings\ip\Cookies\ip@lists2.mediaonecontact[2].txt
C:\Documents and Settings\ip\Cookies\ip@media.adrevolver[3].txt
C:\Documents and Settings\ip\Cookies\ip@incentaclick[1].txt
C:\Documents and Settings\ip\Cookies\ip@ads.bridgetrack[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjkyaocjglq.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@counter.hitslink[1].txt
C:\Documents and Settings\ip\Cookies\ip@ads.adengage[2].txt
C:\Documents and Settings\ip\Cookies\ip@statcounter[1].txt
C:\Documents and Settings\ip\Cookies\ip@adecn[2].txt
C:\Documents and Settings\ip\Cookies\ip@amlocalhost.trymedia[2].txt
C:\Documents and Settings\ip\Cookies\ip@adjobfinder[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.clickfln[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.incentaclick[1].txt
C:\Documents and Settings\ip\Cookies\ip@reunion.adbureau[2].txt
C:\Documents and Settings\ip\Cookies\ip@reunioncom.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjk4wmcjclo.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@clicksor[2].txt
C:\Documents and Settings\ip\Cookies\ip@stats.adbrite[2].txt
C:\Documents and Settings\ip\Cookies\ip@2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@a.websponsors[2].txt
C:\Documents and Settings\ip\Cookies\ip@web4.realtracker[1].txt
C:\Documents and Settings\ip\Cookies\ip@dyn.mediapartners-img[2].txt
C:\Documents and Settings\ip\Cookies\ip@perf.overture[1].txt
C:\Documents and Settings\ip\Cookies\ip@collective-media[1].txt
C:\Documents and Settings\ip\Cookies\ip@paypal.112.2o7[2].txt
C:\Documents and Settings\ip\Cookies\ip@nuttinbuttsexxy[1].txt
C:\Documents and Settings\ip\Cookies\ip@imageads6.googleadservices[1].txt
C:\Documents and Settings\ip\Cookies\ip@host-d.oddcast[3].txt
C:\Documents and Settings\ip\Cookies\ip@nextag[2].txt
C:\Documents and Settings\ip\Cookies\ip@mediaplex[3].txt
C:\Documents and Settings\ip\Cookies\ip@ads.revsci[1].txt
C:\Documents and Settings\ip\Cookies\ip@imrworldwide[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjlispd5mgo.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@interclick[3].txt
C:\Documents and Settings\ip\Cookies\ip@adbrite[2].txt
C:\Documents and Settings\ip\Cookies\ip@adrevolver[2].txt
C:\Documents and Settings\ip\Cookies\ip@doubleclick[2].txt
C:\Documents and Settings\ip\Cookies\ip@fastclick[3].txt
C:\Documents and Settings\ip\Cookies\ip@electronicarts.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@brightcove.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@akmediapartners-img[2].txt
C:\Documents and Settings\ip\Cookies\ip@hotsexyplumpers[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.directnetadvertising[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.googleadservices[3].txt
C:\Documents and Settings\ip\Cookies\ip@azjmp[2].txt
C:\Documents and Settings\ip\Cookies\ip@rdr.hitmngr[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.stopzilla[1].txt
C:\Documents and Settings\ip\Cookies\ip@togetherinporn[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjkyokczckp.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@hotbar[1].txt
C:\Documents and Settings\ip\Cookies\ip@equityresidential.122.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@ads.realtechnetwork[1].txt
C:\Documents and Settings\ip\Cookies\ip@kaboose.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@adtech[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.malwareburn[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.virprotect[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjl4wlajifq.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wflowpc5geo.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@thumbplay.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@sales.liveperson[2].txt
C:\Documents and Settings\ip\Cookies\ip@ehg-i21.hitbox[1].txt
C:\Documents and Settings\ip\Cookies\ip@adserver4.teracent[1].txt
C:\Documents and Settings\ip\Cookies\ip@zango[3].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wjkoukcjsgp.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@audit.median[1].txt
C:\Documents and Settings\ip\Cookies\ip@winpcdoctor[2].txt
C:\Documents and Settings\ip\Cookies\ip@dyn.akmediapartners-img[1].txt
C:\Documents and Settings\ip\Cookies\ip@nandomedia[1].txt
C:\Documents and Settings\ip\Cookies\ip@fliptrack[1].txt
C:\Documents and Settings\ip\Cookies\ip@ads.gmodules[1].txt
C:\Documents and Settings\ip\Cookies\ip@rotator.adjuggler[1].txt
C:\Documents and Settings\ip\Cookies\ip@anat.tacoda[1].txt
C:\Documents and Settings\ip\Cookies\ip@pro-market[1].txt
C:\Documents and Settings\ip\Cookies\ip@anad.tacoda[1].txt
C:\Documents and Settings\ip\Cookies\ip@videoegg.adbureau[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.hotsexyplumpers[1].txt
C:\Documents and Settings\ip\Cookies\ip@zango[2].txt
C:\Documents and Settings\ip\Cookies\ip@brightsidemediagroup[1].txt
C:\Documents and Settings\ip\Cookies\ip@arbitrack[1].txt
C:\Documents and Settings\ip\Cookies\ip@traffic.buyservices[1].txt
C:\Documents and Settings\ip\Cookies\ip@sexlist[2].txt
C:\Documents and Settings\ip\Cookies\ip@winsecureav[2].txt
C:\Documents and Settings\ip\Cookies\ip@host.oddcast[1].txt
C:\Documents and Settings\ip\Cookies\ip@viavh1video.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@login.tracking101[2].txt
C:\Documents and Settings\ip\Cookies\ip@gearyinteractive.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@statsgod[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.googleadservices[4].txt
C:\Documents and Settings\ip\Cookies\ip@www.googleadservices[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.winspykiller[1].txt
C:\Documents and Settings\ip\Cookies\ip@fusetv.112.2o7[1].txt
C:\Documents and Settings\ip\Cookies\ip@ad.httpool[1].txt
C:\Documents and Settings\ip\Cookies\ip@yadro[2].txt
C:\Documents and Settings\ip\Cookies\ip@directtrack[2].txt
C:\Documents and Settings\ip\Cookies\ip@adserv2.racingjunk[1].txt
C:\Documents and Settings\ip\Cookies\ip@atwola[2].txt
C:\Documents and Settings\ip\Cookies\ip@lists2.mymediarevenuesolutions[2].txt
C:\Documents and Settings\ip\Cookies\ip@winspycontrol[2].txt
C:\Documents and Settings\ip\Cookies\ip@stat.onestat[2].txt
C:\Documents and Settings\ip\Cookies\ip@sales.liveperson[3].txt
C:\Documents and Settings\ip\Cookies\ip@zango[4].txt
C:\Documents and Settings\ip\Cookies\ip@host-d.oddcast[1].txt
C:\Documents and Settings\ip\Cookies\ip@onetruemedia[2].txt
C:\Documents and Settings\ip\Cookies\ip@eyewonder[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wcmieocjshp.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@try.screensavers[1].txt
C:\Documents and Settings\ip\Cookies\ip@adserver5.teracent[2].txt
C:\Documents and Settings\ip\Cookies\ip@i.screensavers[1].txt
C:\Documents and Settings\ip\Cookies\ip@media.licenseacquisition[1].txt
C:\Documents and Settings\ip\Cookies\ip@sextracker[2].txt
C:\Documents and Settings\ip\Cookies\ip@server.iad.liveperson[2].txt
C:\Documents and Settings\ip\Cookies\ip@adultadworld[2].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wamychdzwep.stats.esomniture[1].txt
C:\Documents and Settings\ip\Cookies\ip@content.licenseacquisition[1].txt
C:\Documents and Settings\ip\Cookies\ip@ads.madisonavenue[1].txt
C:\Documents and Settings\ip\Cookies\ip@e-2dj6wakycpcjego.stats.esomniture[2].txt
C:\Documents and Settings\ip\Cookies\ip@imageads6.googleadservices[2].txt
C:\Documents and Settings\ip\Cookies\ip@zango[1].txt
C:\Documents and Settings\ip\Cookies\ip@server.iad.liveperson[1].txt
C:\Documents and Settings\ip\Cookies\ip@protect.winspycontrol[1].txt
C:\Documents and Settings\ip\Cookies\ip@www.antispyshield[1].txt
C:\Documents and Settings\ip\Cookies\ip@winanonymous[2].txt
C:\Documents and Settings\ip\Cookies\ip@www.xxxblackbook[1].txt
C:\Documents and Settings\ip\Cookies\ip@mediapartners-img[2].txt
C:\Documents and Settings\ip\Cookies\ip@clickbank[1].txt
C:\Documents and Settings\ip\Cookies\ip@1xxx.cqcounter[1].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Malware.VirusProtect
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\CLSID
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\ewXxcDdpZkruu
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\eydBycrCdE
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\gePpeh
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\InprocServer32
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\InprocServer32#ThreadingModel
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\InprocServer32#Class
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\InprocServer32#Assembly
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\InprocServer32#RuntimeVersion
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A672

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 06 January 2008 - 07:57 AM

You did not follow all the instructions for using Smitfruadfix. The rapport.txt you posted indicates that you only ran option #1 while in normal mode. You still need to complete the next step. Please print out these "instructions".
  • Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
I would also like to see the C:\vundofix.txt.

Let us now how your computer is running afterwards and if there are any more problems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 kim661

kim661
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MT
  • Local time:09:27 PM

Posted 06 January 2008 - 12:35 PM

I did as you said....
SmitFraudFix v2.274

Scan done at 9:31:37.93, Sun 01/06/2008
Run from C:\Documents and Settings\ip\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\ip


C:\Documents and Settings\ip\Application Data


Start Menu


C:\DOCUME~1\ip\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 24.94.163.100
DNS Server Search Order: 24.94.163.101

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E347E0FE-8294-4FE0-9D16-BA3A66E65334}: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E347E0FE-8294-4FE0-9D16-BA3A66E65334}: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E347E0FE-8294-4FE0-9D16-BA3A66E65334}: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.94.163.100 24.94.163.101


Scanning for wininet.dll infection


End

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 06 January 2008 - 04:11 PM

According to the log posted above, you ran option #1 again in normal mode. You need to run option #2 in safe mode. Please review the instructions in the link I provided above. Under Use, scroll down to the section titled Clean below the instructions for Search.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 kim661

kim661
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MT
  • Local time:09:27 PM

Posted 06 January 2008 - 06:28 PM

I did run in safe mode....I swear. I will re-do.

#10 kim661

kim661
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MT
  • Local time:09:27 PM

Posted 06 January 2008 - 07:28 PM

ok here is the rapport.txt........SmitFraudFix v2.274

Scan done at 16:07:02.67, Sun 01/06/2008
Run from C:\Documents and Settings\ip\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix.exe by S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E347E0FE-8294-4FE0-9D16-BA3A66E65334}: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E347E0FE-8294-4FE0-9D16-BA3A66E65334}: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E347E0FE-8294-4FE0-9D16-BA3A66E65334}: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.94.163.100 24.94.163.101
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.94.163.100 24.94.163.101


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

And here is the other in safe mode

SmitFraudFix v2.274

Scan done at 16:07:02.67, Sun 01/06/2008
Run from C:\Documents and Settings\ip\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix.exe by S!Ri


DNS

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 06 January 2008 - 07:34 PM

That's better. I would also like to see the log file from Vundofix located at C:\vundofix.txt.

How is your computer running now? Any more signs of the infection?.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 kim661

kim661
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:MT
  • Local time:09:27 PM

Posted 06 January 2008 - 07:42 PM

yes, it seems to be better. But when the virus popped up the pc started running hot and shutting itself down. Does that have anything to do with the virus. I never ran hot before.I will go get you the other log.....just looked up log...says none found....now what?

Edited by kim661, 06 January 2008 - 07:43 PM.


#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:27 PM

Posted 06 January 2008 - 07:54 PM

There are various issues related to an overheating system - failed processor fan, failing power supply, underpowered power supply, CPU overheating, motherboard, video card, dirty hardware, etc. If the computer is overheating, it usually begins to restart on a more regular basis. If your not finding any malware then its sounds like one of the latter problems.

When was the last time you cleaned the inside of your computer? Dust restricts the airflow and prevents proper cooling. This in turn can cause overheating and faulty processor fans which can result in unexpected shutdowns, random restarts, booting problems, etc.
  • Open your machine, check all the connections and make sure the fans are all operational.
  • Check the heat sink on the processor to ensure it is not blocked with dust or debris.
  • Remove the CPU's cooling unit and clean the fins on the heat sink that sits under the CPU with a can of compressed air.
  • Inspect the thermal compound between the CPU and heatsink as it can break down over time so.
  • Remove the cards and RAM modules, clean the contacts and reseat them.
  • Feel the CPU heatsink when it powers down. It should be warm to very warm but not hot.
  • Monitor the temperature of your CPU, motherboard, hard disks, voltages, and fan speeds.
See "Cleaning the Interior of your PC" and "General Cleaning Tricks & Tips".

Some video cards run so hot that they have their own cooling system. If the fan fails, the video processor will not be far behind and your system may start crashing. If that is the case see "Illustrated How to Replace an AGP Video Card" and "10 things to know before buying a video card".

Download and run Motherboard Monitor 5. If Motherboard Monitor's seems to be reporting high temperatures for your CPU check to see what your max CPU temp is from here.

You can also use NextSensor to check temperature and voltage or SpeedFan to monitor voltages, fan speed, SMART status, and temperatures. SpeedFan can help you investigate the reasons for an unpredictable reboot or for a failing hard disk as well as whether you are likely to experience temperature related issues.

There are suggestions for troubleshooting power supply, video card, CPU, RAM, MB and hard drive here and here.

You can use BurnInTest to stress test the CPU, hard drives, RAM, CD-ROMs, CD burners, DVDs, sound cards, graphics, network connection, printers, video playback. This utility works on all Windows versions to include Vista (32-bit & 64-bit).

In Windows XP, the default setting is for the computer to reboot automatically when a fatal error or crash occurs. You should be able to see the error by looking in the Event Log. Read "How To Use the Event Viewer Applet". You can then gather more information doing a search of the Event ID number at:
"EventID.Net".
"Windows Security Log Events".
"Events and Errors Message Center".

An alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message when it happens - this is also known as the Blue Screen Of Death (BSOD).

To change the recovery settings and Disable Automatic Rebooting, go to Start > Run and type: sysdm.cpl
Click Ok or just press WINKEY + Pause/Break keys to bring up System Properties.
  • Go to the Advanced tab and under "Startup and Recovery", click on the "Settings" button and go to "System failure".
  • Make sure "Write an event to the system log" is checked and that "Automatically restart" is UNchecked.
  • Click "OK" and reboot for the changes to take effect.
Doing this won't cure your problem but instead of crashing and restarting you will get a blue diagnostic screen with an error code and other information that will allow you to better trace your problem. You can use Google to search the error code or use the links below to investigate and troubleshoot.

"Extract troubleshooting info from Windows XP BSOD error messages".
"How to Find BSOD Error Messages".
"Events and Errors Message Center".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users