Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspected Malware/Adware problem


  • Please log in to reply
12 replies to this topic

#1 LordSoren

LordSoren

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 23 July 2005 - 02:55 PM

I am currenting running some trouble with a computer I am working on. At first I beleived it to be a hardware related problem, but after replacing the suspect component (power supply) the problem continued. The problem is the computer random freezes / restarts while running outside of safe mode. Also even when in safe mode IE seems to randomly freeze / crash (I am using Netscape right now).

Logfile of HijackThis v1.99.1
Scan saved at 3:52:30 PM, on 23/07/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [mcappins.exe] "C:\DOCUME~1\soren\LOCALS~1\Temp\MCAC394.tmp\mcappins.exe" vsocfg.ini
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I see a few suspect lines in there from previous problems I have, but before I do anything I was looking from some help from the professionals as to what I should do next. Thanks in advance.

Soren

BC AdBot (Login to Remove)

 


#2 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 23 July 2005 - 07:50 PM

I should mention the proceeding log is of Win2k running in Safe Mode (the only way I was able to use the computer for more than 30 or so seconds) I am in the process of trying to get a copy of a hijackthis log running in a full boot mode.

#3 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 23 July 2005 - 08:44 PM

Alright, the problem is getting sucessivally worse. I am now having trouble even using the computer in safe mode (with network support) so even getting logs might become more dificult in the future. I am also having crashes with I try and run Task Moniter or Process Moniter (packaged with Norton) - Starting either of these tends to lock the computer up entirely.

Here is a log of Hijackthis running in non-safe mode.

Logfile of HijackThis v1.99.1 
Scan saved at 6:07:23 PM, on 23/07/2005 
Platform: Windows 2000 SP3 (WinNT 5.00.2195) 
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) 

Running processes: 
C:\WINNT\System32\smss.exe 
C:\WINNT\system32\winlogon.exe 
C:\WINNT\system32\services.exe 
C:\WINNT\system32\lsass.exe 
C:\WINNT\system32\svchost.exe 
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 
C:\WINNT\system32\spoolsv.exe 
C:\WINNT\System32\svchost.exe 
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE 
C:\WINNT\runservice.exe 
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe 
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE 
C:\WINNT\system32\regsvc.exe 
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe 
C:\WINNT\system32\MSTask.exe 
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE 
C:\WINNT\system32\stisvc.exe 
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 
C:\WINNT\System32\WBEM\WinMgmt.exe 
C:\WINNT\System32\mspmspsv.exe 
C:\WINNT\system32\svchost.exe 
C:\WINNT\System32\svchost.exe 
C:\WINNT\Explorer.EXE 
C:\Program Files\Common Files\Symantec Shared\SymTray.exe 
C:\SCANJET\PrecisionScanLT\hppwrsav.exe 
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe 
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe 
C:\Program Files\Common Files\Symantec Shared\ccApp.exe 
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe 
C:\Hijackthis\HijackThis.exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\Program Files\WinZip\WZQKPICK.EXE 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/ 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll 
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll 
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll 
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx 
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll 
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll 
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon 
O4 - HKLM\..\Run: [LoadQM] loadqm.exe 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe 
O4 - HKLM\..\Run: [mcappins.exe] "C:\DOCUME~1\soren\LOCALS~1\Temp\MCAC394.tmp\mcappins.exe" vsocfg.ini 
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe 
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" 
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg 
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" 
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe 
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup 
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer 
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe 
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe 
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) 
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) 
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm 
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm 
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe 
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe 
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll 
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe 
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab 
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab 
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab 
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab 
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab 
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe 
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe 
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe 
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE 
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe 
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe 
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe 
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE 
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe 
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe 
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE 
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Anything further please ask.

#4 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 24 July 2005 - 08:33 AM

Just a little bit more info about my problem. My computer boots fine about 9/10 times at present - occationally it reboots during startup (windows loading screen). Once started you can log on and leave the computer running for as long as you like. I have left it sitting for 30+ minutes and sat down it was working fine. When you try and do something it have a few different things that happen.
  • Video becomes distorted and computer freezes
  • Computer Reboots
When the computer freezes there is nothing I can do save hard rebooting or pressing reset to restart my computer. When the computer reboots it starts again normally.

Thanks for any help that you might be able to provide on this problem.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:39 PM

Posted 25 July 2005 - 10:38 AM

This line jumps out at me as not normal. Do you know what it is?

If not, fix it as well and delete the file. It may be mcafee related, but should be running from that directory.

O4 - HKLM\..\Run: [mcappins.exe] "C:\DOCUME~1\soren\LOCALS~1\Temp\MCAC394.tmp\mcappins.exe" vsocfg.ini

You can fix this in hijackthis:

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


Also please dont put the log in the code box, its hard to read.

#6 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 25 July 2005 - 11:30 AM

Grinler;

Sorry for using code - I'll refrain for using it in the future. As for the two items you brought up:
  • O4 - HKLM\..\Run: [mcappins.exe] "C:\DOCUME~1\soren\LOCALS~1\Temp\MCAC394.tmp\mcappins.exe" vsocfg.ini
This is an item which I have been trying to find/get rid of for quite some time - It was from a failed install of Mcafee VS. I am surprised I overlooked it. Thanks for pointing it out.
  • O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
I have fixed this problem.

Other than these two items, is there anything in the log which might explain the problems I have been having?

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:39 PM

Posted 25 July 2005 - 01:31 PM

No nothing else stands out. What I would suggest is that you upgrade to SP4 and see if that helps. There are some known security updates that need to be patched. Do you use a firewall>? Could be someone trying to hack your box using a script (not targetting you personally) and its crashing some services. Updating to sp4 may fix that. Do that and then let me know if its better. If its not after that , I will dig down further

#8 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 25 July 2005 - 03:37 PM

I will try and upgrade to SP4 - however I am not sure how sucessful I will be. The computer tends to crash 2-3 minutes into using it at this point (although it will sit idle for countless hours on end and not crash), both in safe mode and normal mode.

My first thought was that the power supply was going bad in the computer - I replaced it and still had the problems - Do you think this could be a Mobo / Processor / Ram problem? I figured it would be malicious programs if not the power supply, but now I am second guessing that beleif.

Edited by LordSoren, 25 July 2005 - 03:38 PM.


#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:39 PM

Posted 25 July 2005 - 03:56 PM

It is very possible its hardware. Is it in a position where it does not get a lot of ventilation and overheating?

#10 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 25 July 2005 - 05:51 PM

It has been in a position where it is between a desk and a filing cabinet. To my knowledge it is not blocking any ventilation holes. However this summer has been a very hot humid one where I am.

What would be the best way to troubleshoot a hardware problem of this nature (short of rebuilding the computer from scratch)?

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:39 PM

Posted 25 July 2005 - 07:45 PM

Remove a side of the case and leave it off for a few days and see if it stops crashing

#12 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 26 July 2005 - 09:50 PM

While its a moot point now, throughout this testing phase I did have the side of the computer removed and had it in a position where it had plenty of good ventillation. I suspect something burned out inside the computer - all 3 HDDs were OK (tested them in a different computer), Ram was good (replaced it with some spare ram). Video, Ethernet and Sound were all integrated into the computer so I couldn't test them individually.

Its now a moot point because today I went out and bought a new computer and it will not make its home between the desk and filing cabinet. Got plenty of airflow both at the back and the sides now. Thanks for your help.

BTW, any suggestions on how to troubleshoot defective integrated componets?

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:39 PM

Posted 27 July 2005 - 11:47 AM

There is no real easy way to diagnose integrated components for most of us. There are tools you can use to test for voltage going through certain circuits, but thats beyond me. The best way is just trial and error till you find the one piece thats bad, and then replace the faulty one, instead of trying to fix integrated components.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users