Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Freeze!


  • This topic is locked This topic is locked
6 replies to this topic

#1 Ally Maypole

Ally Maypole

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 01 August 2006 - 09:29 AM

Hello all,

My computer has taken to freezing, a few moments after switching it on and booting. Then there's nothing to be done but switch off and reboot. When it comes back on, it says it has recovered from a serious error.

This has only started happening since I installed an encryption program called Cryptainer. I've deinstalled it now, but the same thing still keeps happening. I've no proof, of course, that this is the cause but it does seem the most likely.

The error report runs like this:

BCCode : 1000008e BCP1 : C0000005 BCP2 : 8064612E BCP3 : F22CB7CA

BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1

(Doesn't make a lot of sense to me!)

The affected files are these:


C:\DOCUME~1\Ally\LOCALS~1\Temp\WER5693.dir00\Mini080106-01.dmp

C:\DOCUME~1\Ally\LOCALS~1\Temp\WER5693.dir00\sysdata.xml


Maybe this will make sense to some of the brainboxes here!



Thanks and regards,



Ally.

BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:01:58 AM

Posted 01 August 2006 - 09:34 AM

Use Windows System Restore to go back to a date that preceeds your installation of Cryptainer.

To access Windows System Restore
Click start/programs/accessories/system tools/system restore.

Click on a highlighted date that is earlier than your installation of Cryptainer.

Let us know.

#3 Ally Maypole

Ally Maypole
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 01 August 2006 - 09:38 AM

Thanks, but actually I've tried this and it doesn't see to make any difference.

I heard somewhere that Cryptainer makes dodgy memory dumps, or something like that. Not sure what that means, but it doesn't sound nice!

#4 Ally Maypole

Ally Maypole
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 01 August 2006 - 09:46 AM

I will just add a log here:

Logfile of HijackThis v1.99.1
Scan saved at 15:43:52, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\pmxpropx.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\BufferZone\ClientGUI.exe
C:\Program Files\BufferZone\ClntSvc.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146009839626
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37840.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D945083-0E60-4C95-94D5-5C7D94AF58AA}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D945083-0E60-4C95-94D5-5C7D94AF58AA}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D945083-0E60-4C95-94D5-5C7D94AF58AA}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#5 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:01:58 AM

Posted 01 August 2006 - 09:56 AM

Actually, the HJT log needs to go here:
http://www.bleepingcomputer.com/forums/posthjtlog.html
Because that's where the HJT team will look for it.
A mod will move it after they see it but that may delay the response until that happens.

#6 Ally Maypole

Ally Maypole
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 01 August 2006 - 11:03 AM

OK, thank you.

#7 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:01:58 AM

Posted 01 August 2006 - 11:13 AM

The log having been posted in the HJT forum, this topic will be closed to prevent posting in this thread, as any changes suggested and made by the member could invalidate the HJT log submitted, and make additional work for both the member and the volunteer HJT team.
Regards,
John

Edited by jgweed, 01 August 2006 - 11:15 AM.

Whereof one cannot speak, thereof one should be silent.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users