
System Unstable And Crashes On Update



#1 Will_Decay


Posted 28 November 2006 - 12:35 AM

Well, more or less what it says in the title. I got infected with a trojan downloader and in the course of removing it I may have messed with the win 32 file. It was a pretty stupid move on my part and neither registry fix nor mechanic have helped.

Basically every time I try to windows update it crashes. It crashed when I tried to search limewire. Blue screen comes up and tells me windows shut down.

And also sometimes when I load up it says there was a system error and when I send a report it begins a 1 minute timer til shut down.



Here is my log file and I would greatly appreciate any help I can get (I already lost one computer cause of something like this)



Logfile of HijackThis v1.99.1
Scan saved at 05:24:23, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Peter\Desktop\hijackthis_sfx.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...899/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


Thanks again, Peter
Never have 2 full running anti virus programs. It's a nasty affair altogether.


#2 DaveM59


Posted 06 December 2006 - 01:41 PM

Hi Peter,

Sorry for the delay, the forum is very busy.

I don't see any signs of malware in your log. It looks clean, and you're running good security programs (AVG and Spyware Doctor). The only thing I don't see is a firewall; I assume you're using the Windows built-in one (it doesn't show up in a HJT log). You should consider a two-way firewall; it offers better protection. Check out this tutorial for more information.

You mentioned limewire, that's probably how you got your trojan. If you want to keep using it, that's your decision, but I am obligated to mention that peer-to-peer programs make it easy to pick up malware unless you are very very careful with your downloads.

Regarding your problem, it may be that your system has been damaged by malware; it's also possible that you damaged it in removing the trojan. I don't know what procedures or tools you used.

Either way, what will be needed for diagnosis is the blue screen message that accompanies your crashes. From now on, when your system crashes, write down the exact error message, including all the strings of numbers and letters that appear on the screen. You may get different messages with different crashes. Write them all down, and note what you were doing when the crash occurred.

The best place to post this information is not here. You should start a new topic at the Bleeping Computer Windows XP forum. The people there are very experienced, and they know more than I do about problems like yours. Pay special attention to posts from Moderators and BC Advisors.

Since it appears you are using scanners regularly, I don't think there is much point in asking you to do any more here, except perhaps to do a rootkit scan. If that comes up clean, your next step is definitely a post on the WinXP forum.

Download Blacklight Beta here. The link is at the bottom of the page ("click here to download"). You will get a page explaining the license, click I accept. On the next page, click the top link to download the Graphical user interface version. Save it to your desktop. When you double-click the icon, you will see another license page. Select the I accept radio button and click Next. On the following page, click the Scan button. When the scan is complete, Blacklight will fix anything it finds, then tell you it is finished. Exit the program. You will find a log file on your desktop, the filename will be fsbl-2006xxxxxxxxxx.log. The first four digits are the year, the next four are the month and day. This is a text file and can be opened with notepad.

Post the contents of the blacklight log to a reply here, along with any questions or further information you might want to add.

Dave
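
An added example, not part of the original thread: a small Python parser for HijackThis entry lines like those in post #1. It groups entries by section code (R0, O2, O4, ...) and lists two things a reader of such a log would check early: references marked "(file missing)" and O4 autoruns registered without a full path. The function names, the regexes and the "no full path" heuristic are assumptions of this example, and the sample lines are copied from the log above; neither flag is a malware verdict.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")   # e.g. "O4 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def parse(log_text):
    """Return {section code: [entry, ...]}; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m["body"]
        clsid = CLSID.search(body)
        sections[m["code"]].append({
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith("(file missing)"),
        })
    return dict(sections)

def review_points(sections):
    """List (code, reason, detail) for dangling references and bare-name autoruns."""
    points = []
    for code, entries in sections.items():
        for e in entries:
            if e["file_missing"]:
                points.append((code, "file missing", e["body"]))
            run = RUN.match(e["body"]) if code == "O4" else None
            # A command is treated as fully qualified if it starts with a drive or %var%.
            if run and not re.match(r'^"?(?:[A-Za-z]:\\|%)', run["cmd"]):
                points.append((code, "no full path", run["name"]))
    return points
```
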

#3 Will_Decay


Posted 06 December 2006 - 02:49 PM

12/06/06 19:40:12 [Info]: BlackLight Engine 1.0.47 initialized
12/06/06 19:40:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/06/06 19:40:12 [Note]: 7019 4
12/06/06 19:40:12 [Note]: 7005 0
12/06/06 19:40:15 [Note]: 7006 0
12/06/06 19:40:15 [Note]: 7011 1728
12/06/06 19:40:15 [Note]: 7026 0
12/06/06 19:40:15 [Note]: 7026 0
12/06/06 19:40:21 [Note]: FSRAW library version 1.7.1020
12/06/06 19:44:22 [Note]: 7007 0


Thanks for the help man, the scan came up clean so I think it must be something else.

I will keep note of the error messages and let you know, thanks again
Never have 2 full running anti virus programs. It's a nasty affair altogether.

#4 DaveM59


Posted 06 December 2006 - 04:17 PM

Hi Peter,

Quick work! The Blacklight scan is clean. Your problem is not malware. As I said before, please post the error message(s) to a new topic in the WinXP Forum. Here is a link.

You will get much quicker answers and better advice over there. My area is malware, I also know something about hardware, but this kind of operating system repair I have relatively little knowledge of. Also, unlike here, anyone can post answers on that forum, so you will get the benefit of several people's experience.

Good luck --

Dave



