Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Reboots When Installing Certain Software


  • This topic is locked This topic is locked
3 replies to this topic

#1 msjfb

msjfb

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 31 August 2006 - 01:52 PM

I get a BSOD (Blue Screan of Death) when trying to install certain software (ActiveSync and WindowsMediaPlayer11). Was fine before a virus infection.

Tried numerous cleanup programs, and I no longer have any reports of virus found, but problem still exists.
Maybe you can spot in the HJT log something I cannot see... Or have suggestions...
Thanks


Here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 2:40:50 PM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
d:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
D:\PROGRA~1\Pronexus\VBVoice\NLOGSE~1.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Dantz\Client\Remotsvc.exe
d:\Program Files\Dantz\Client\retroclient.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
D:\PROGRA~1\Pronexus\VBVoice\VBVARB~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
D:\Program Files\Cerience\RepliGo2_0\RepliGoMon.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
d:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
D:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
d:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\francois\Desktop\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
O1 - Hosts: 172.16.1.2 server1.dkl.com
O1 - Hosts: 172.16.1.6 bugs.dkl.com
O1 - Hosts: 172.16.1.222 bugs2.dkl.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - d:\Program Files\Cerience\RepliGo2_0\RepliGoIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - d:\Program Files\Cerience\RepliGo2_0\RepliGoIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RepliGo Assistant] "d:\Program Files\Cerience\RepliGo2_0\RepliGoMon.exe"
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [mRouterConfig] "d:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mobile User VPN.lnk = D:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
O4 - Global Startup: Phone Connection Monitor.lnk = D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134506602861
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156871944000
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/Tra...ransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msjfb2000.local
O17 - HKLM\Software\..\Telephony: DomainName = msjfb2000.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msjfb2000.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 172.16.1.10
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = msjfb2000.local
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 172.16.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 172.16.1.10
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AnmChannelFactoryServer - Dialogic Corporation - D:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELFACTORYSERVER.exe
O23 - Service: AnmChannelServer - Dialogic Corporation - D:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELSERVER.exe
O23 - Service: AnmLoggerServer - Dialogic Corporation - D:\PROGRA~1\DIALOGIC\BIN\ANMLOGGERSERVER.exe
O23 - Service: AnmSupplierServer - Dialogic Corporation - D:\PROGRA~1\DIALOGIC\BIN\ANMSUPPLIERSERVER.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Dialogic Boardserver (Boardserver) - Intel Corp. - C:\WINDOWS\SYSTEM32\BOARDS~1.EXE
O23 - Service: CT Bus Broker (CTBusBroker) - Dialogic Corporation - d:\PROGRA~1\Dialogic\bin\ctbbserv.exe
O23 - Service: Dialogic System Service (Dialogic) - Dialogic Corporation - d:\PROGRA~1\Dialogic\bin\dlgc_srv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
O23 - Service: NLogServer - Pronexus Inc. - D:\PROGRA~1\Pronexus\VBVoice\NLOGSE~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - d:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: VBVArbiter - Pronexus Inc. - D:\PROGRA~1\Pronexus\VBVoice\VBVARB~1.EXE

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:15 AM

Posted 07 September 2006 - 07:05 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

I apologize for the delay getting to your log, the helpers here are very busy. I don't see any indication of malware from your log. Are you having any other problems that may indicate malware?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 msjfb

msjfb
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 11 September 2006 - 10:08 AM

Hi,

I think that what hapened is that after infestation, one of the removal tools broke some files in Media Player... Had to re-install Windows. Uninstalling/reinstalling Media Player did not solve the problem.

At least it appears, from your analysis of the log, that all malware was removed...

Thanks,

Frank

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:15 AM

Posted 11 September 2006 - 08:47 PM

It certainly appears that way from the look of your log.

Based on that I'm going to go ahead and close this thread. If you need it to be reopened, send me a PM and I'll open it back up for you.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users