#1 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
PC Crashing in Normal Mode
Having found a PC I was asked to clean in a terrible state, I gave it the full treatment of all the tools I could get my hands on. There was Winantivirus Pro 2006 (still showing as an independent icon in the control panel in safe mode), multiple dll error messages and the major problem of the PC crashing after about a minute or two whilst in normal mode. I followed this procedure and ran the following progs:
Installed Antivirus and Firewall
Turned off System Restore
Booted into Safe Mode
Ran CCleaner
Ran AVG Scan
Ran Stinger
Ran Spybot
Ran Adaware
Ran CWShredder
Ran Trojan Hunter
Ran VX2 Cleaner
Ran WinSockFix
Ran Virtumundobegone (Nothing Found! - Exciting!!!! hmmm)
Ran fixdxc.reg (which removed Deluxe Communications)
I am now left with the following HJT Log which was obtained in Safe mode as I still get the PC crashing constantly whilst in Normal mode. Also, whilst in normal mode, I put in my flash drive and it does not appear. Is there a driver problem? I would appreciate any help available - Many Thanks
Alex

Logfile of HijackThis v1.99.1
Scan saved at 15:12:10, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137183239\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~2\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0v\aoltray.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#2 |
|
Member (9 bit)
Join Date: Jan 2006
Posts: 343
|
Try opening Start >> Run and typing in prefetch. Select all files from this folder and delete them.
Then go to Start >> Run, type in msconfig, disable all startup programs and reboot. Post the results.
#3 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Thanks for the reply, I tried the above steps and rebooted into safe mode. I still get MSN Messenger starting and appearing on screen. The computer also turned itself off after a couple of minutes again. I tried to change the name of HJT to scan.exe while in Safe Mode and ran the scan, it came out with this log.
Logfile of HijackThis v1.99.1
Scan saved at 14:23:12, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HJT\scan.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks
Alex
Last edited by alexcraw; 11-28-2006 at 08:30 AM.
#4 |
|
Member (9 bit)
Join Date: Jan 2006
Posts: 343
|
That log looks clean.
To discount any hardware issues, crack the machine open and make sure the fans are working. Also, place your hand to the rear of the PSU and make sure the PSU fan is operating properly. If they are, try running rootkit revealer (get it at the bottom of this page). Also run autoruns to see what is actually running on this machine (get it here). If it reveals more processes than Windows is reporting, post them here.
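Added example, not part of the thread and not HijackThis code: a small parser for the log layout seen in the two posts above, which lists the startup entries that disappeared between the 27/11 and 28/11 scans and raises review prompts on what remains. The function names are hypothetical, and the embedded logs are excerpts of the ones posted here, trimmed to a few entries per section.

```python
import re

# Excerpts from the two HijackThis v1.99.1 logs posted in this thread,
# trimmed to a few entries per section.
LOG_27_NOV = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:12:10, on 27/11/2006
Running processes:
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0v\aoltray.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
"""

LOG_28_NOV = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:23:12, on 28/11/2006
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HJT\scan.exe.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")                 # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")     # registry Run entry
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def parse_log(text):
    """Split a log into scan time, running processes and (code, detail) entries."""
    log = {"saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            log["entries"].append((m.group(1), m.group(2)))
        elif line.startswith("Scan saved at "):
            log["saved"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
    return log


def autostarts(log):
    """Map each O4 startup entry, keyed by (location, name), to its command."""
    out = {}
    for code, detail in log["entries"]:
        if code != "O4":
            continue
        m = RUN_RE.match(detail)
        if m:
            hive, key, name, cmd = m.groups()
            out[(f"{hive}\\{key}", name)] = cmd
        elif ": " in detail and " = " in detail:   # "Global Startup: x.lnk = path"
            loc, rest = detail.split(": ", 1)
            name, cmd = rest.split(" = ", 1)
            out[(loc, name)] = cmd
    return out


def disabled_between(before, after):
    """Names of startup entries present in `before` but absent from `after`."""
    gone = autostarts(before).keys() - autostarts(after).keys()
    return sorted(name for _loc, name in gone)


def review_points(log):
    """Entries worth a manual look; each is a prompt for a human, not a verdict."""
    notes = []
    for code, detail in log["entries"]:
        m = SERVICE_RE.match(detail) if code == "O23" else None
        if m and m.group("owner") == "Unknown owner":
            notes.append(("service without vendor string", m.group("path")))
    for (_loc, name), cmd in autostarts(log).items():
        if not re.match(r"[A-Za-z]:\\", cmd.strip('"')):
            notes.append(("startup command without a full path", name))
    for proc in log["processes"]:
        base = proc.rsplit("\\", 1)[-1].lower()
        if re.search(r"\.(exe|com|scr)\.(exe|com|scr)$", base):
            notes.append(("double executable extension", proc))
    return notes


if __name__ == "__main__":
    before, after = parse_log(LOG_27_NOV), parse_log(LOG_28_NOV)
    print("scans:", before["saved"], "->", after["saved"])
    print("startup entries gone in second log:", disabled_between(before, after))
    for reason, item in review_points(after):
        print(f"review: {reason}: {item}")
```

The double-extension prompt on `scan.exe.exe` is the renamed HijackThis binary the poster describes in post #3, which is why each prompt needs a human to rule it in or out.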
#5 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
I just re-read my post above and it sounds confusing - my fault. I'll try to explain better.
I can boot into safe mode and it'll run all day and night. The moment I boot into normal mode, it launches MSN messenger, AVG, and then switches itself off after about 1 minute. I have just turned system restore back on before it crashed and tried to see what was available down that route - no checkpoints available, they've all disappeared. I am still confronted with a winantivirus pro 2006 icon in the control panel. I will now try those instructions you posted above. Thanks
#6 |
|
Member (9 bit)
Join Date: Jan 2006
Posts: 343
|
If you are willing to get your hands dirty, I'll help you track down the root of that piece of *malware*.
. first, open regedit and export the registry. next, delete these keys: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce fat.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run winantiviruspro2006 HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect.1 HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect.1\clsid HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect\clsid HKEY_CLASSES_ROOT\appid\{367a86a5-d048-4785-86be-4e2706aafdd9} HKEY_CLASSES_ROOT\appid\winpgi.dll appid HKEY_CLASSES_ROOT\avexplorer.shellextension HKEY_CLASSES_ROOT\avexplorer.shellextension.2 HKEY_CLASSES_ROOT\avexplorer.shellextension.2\clsid HKEY_CLASSES_ROOT\avexplorer.shellextension\clsid HKEY_CLASSES_ROOT\avexplorer.shellextension\curver HKEY_CLASSES_ROOT\clsid\{1ac5c88a-dea7-462b-a232-04af5ca42e7e} HKEY_CLASSES_ROOT\clsid\{1ac5c88a-dea7-462b-a232-04af5ca42e7e} appid HKEY_CLASSES_ROOT\clsid\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} HKEY_CLASSES_ROOT\clsid\{723d54c7-7483-4eb8-8eed-ce5b2aea534d} HKEY_CLASSES_ROOT\clsid\{b2a3156e-3332-4b47-af5a-5b121503514f} HKEY_CLASSES_ROOT\clsid\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} HKEY_CLASSES_ROOT\iefwbho.iefw HKEY_CLASSES_ROOT\iefwbho.iefw.2 HKEY_CLASSES_ROOT\iefwbho.iefw.2\clsid HKEY_CLASSES_ROOT\iefwbho.iefw\clsid HKEY_CLASSES_ROOT\iefwbho.iefw\curver HKEY_CLASSES_ROOT\interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442} HKEY_CLASSES_ROOT\interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123} HKEY_CLASSES_ROOT\interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}\proxystubclsid HKEY_CLASSES_ROOT\interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}\proxystubclsid32 HKEY_CLASSES_ROOT\interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}\typelib HKEY_CLASSES_ROOT\interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}\typelib version HKEY_CLASSES_ROOT\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235} HKEY_CLASSES_ROOT\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}\1.0 
HKEY_CLASSES_ROOT\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}\1.0\0\win32 HKEY_CLASSES_ROOT\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}\1.0\flags HKEY_CLASSES_ROOT\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}\1.0\helpdir HKEY_CLASSES_ROOT\typelib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276} HKEY_CLASSES_ROOT\typelib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}\1.0 HKEY_CLASSES_ROOT\typelib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}\1.0\0\win32 HKEY_CLASSES_ROOT\typelib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}\1.0\flags HKEY_CLASSES_ROOT\typelib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}\1.0\helpdir HKEY_CLASSES_ROOT\typelib\{367a86a5-d048-4785-86be-4e2706aafdd9} HKEY_CLASSES_ROOT\typelib\{367a86a5-d048-4785-86be-4e2706aafdd9}\1.0 HKEY_CLASSES_ROOT\typelib\{367a86a5-d048-4785-86be-4e2706aafdd9}\1.0\0\win32 HKEY_CLASSES_ROOT\typelib\{367a86a5-d048-4785-86be-4e2706aafdd9}\1.0\flags HKEY_CLASSES_ROOT\typelib\{367a86a5-d048-4785-86be-4e2706aafdd9}\1.0\helpdir HKEY_CLASSES_ROOT\typelib\{732b6533-7f78-4c47-9c01-2979ba0829b9} HKEY_CLASSES_ROOT\typelib\{732b6533-7f78-4c47-9c01-2979ba0829b9}\1.0 HKEY_CLASSES_ROOT\typelib\{732b6533-7f78-4c47-9c01-2979ba0829b9}\1.0\0\win32 HKEY_CLASSES_ROOT\typelib\{732b6533-7f78-4c47-9c01-2979ba0829b9}\1.0\flags HKEY_CLASSES_ROOT\typelib\{732b6533-7f78-4c47-9c01-2979ba0829b9}\1.0\helpdir HKEY_CLASSES_ROOT\wap6.pcheck HKEY_CLASSES_ROOT\wap6.pcheck.1 HKEY_CLASSES_ROOT\wap6.pcheck.1\clsid HKEY_CLASSES_ROOT\wap6.pcheck\clsid HKEY_CLASSES_ROOT\wap6.pcheck\curver HKEY_CLASSES_ROOT\winpgintegrator.ieintegrator HKEY_CLASSES_ROOT\winpgintegrator.ieintegrator.1 HKEY_CLASSES_ROOT\winpgintegrator.ieintegrator.1\clsid HKEY_CLASSES_ROOT\winpgintegrator.ieintegrator\clsid HKEY_CLASSES_ROOT\winpgintegrator.ieintegrator\curver HKEY_CURRENT_USER\software\winantivirus pro 2006 HKEY_CURRENT_USER\software\winantivirus pro 2006 active HKEY_CURRENT_USER\software\winantivirus pro 2006 allowpopupclicktype HKEY_CURRENT_USER\software\winantivirus pro 2006 blockdomainonpopups 
HKEY_CURRENT_USER\software\winantivirus pro 2006 blockdomainpopuplimit HKEY_CURRENT_USER\software\winantivirus pro 2006 defaultaction HKEY_CURRENT_USER\software\winantivirus pro 2006 iepage HKEY_CURRENT_USER\software\winantivirus pro 2006 mozillapage HKEY_CURRENT_USER\software\winantivirus pro 2006 normalizeaddborders HKEY_CURRENT_USER\software\winantivirus pro 2006 normalizeaddmenuandtoolbar HKEY_CURRENT_USER\software\winantivirus pro 2006 normalizefittodesktop HKEY_CURRENT_USER\software\winantivirus pro 2006 normalizeopenedpopups HKEY_CURRENT_USER\software\winantivirus pro 2006 startblockontimedpopups HKEY_CURRENT_USER\software\winantivirus pro 2006 storehistory HKEY_CURRENT_USER\software\winantivirus pro 2006 timedpopuplimit HKEY_CURRENT_USER\software\winantivirus pro 2006\settings enableieblocksite HKEY_CURRENT_USER\software\winantivirus pro 2006\settings enableis HKEY_CURRENT_USER\software\winantivirus pro 2006\settings isscanmask HKEY_CURRENT_USER\software\winantivirus pro 2006\settings lastlogontime HKEY_CURRENT_USER\software\winantivirus pro 2006\settings mailprotect HKEY_CURRENT_USER\software\winantivirus pro 2006\settings needresetasactive HKEY_CURRENT_USER\software\winantivirus pro 2006\settings needresetfwactive HKEY_CURRENT_USER\software\winantivirus pro 2006\settings needresetisactive HKEY_CURRENT_USER\software\winantivirus pro 2006\settings onpopupeventpopupsnum HKEY_CURRENT_USER\software\winantivirus pro 2006\settings updatedata HKEY_CURRENT_USER\software\winantivirus pro 2006\settings updatedatabin HKEY_CURRENT_USER\software\winantivirus pro 2006\settings virusshield HKEY_CURRENT_USER\software\winantivirus pro 2006\settings vsscan HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} 
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run winantiviruspro2006 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce fat.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\program files\common files\winantivirus pro 2006\wapchk.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wa6p_is1 HKEY_LOCAL_MACHINE\software\winantivirus pro 2006 then, delete these files: %program_files%\common files\uwa6pcw.exe %program_files%\winantivirus pro 2006\activate.exe %program_files%\winantivirus pro 2006\compwiz.exe %profile%\local settings\temp\icd1.tmp\uwa6p_0001_n91m1807netinstaller.exe winantiviruspro2006freeinstall_de.exe winantiviruspro2006freeinstall.exe %profile%\local settings\temp\~wa6psetup.exe setup.exe 613d6c0a.exe %program_files%\winantivirus pro 2006\vaext.exe %program_files%\winantivirus pro 2006\winav.exe %system%\stera.exe %windows%\temp\~wa6psetup.exe %program_files%\winantivirus pro 2006\pv.exe %program_files%\winantivirus pro 2006\updater.exe %program_files%\winantivirus pro 2006\unins000.exe %program_files%\winantivirus pro 2006\fat.exe %program_files%\winantivirus pro 2006\fopn.exe %program_files%\winantivirus pro 2006\fwsvc.exe %program_files%\winantivirus pro 2006\install.exe %program_files%\winantivirus pro 2006\insthelp.exe %program_files%\winantivirus pro 2006\plugins\ua27308.dll %program_files%\winantivirus pro 2006\plugins\ua27307.dll %program_files%\winantivirus pro 2006\plugins\ua27306.dll %program_files%\winantivirus pro 2006\plugins\ua27305.dll %program_files%\winantivirus pro 2006\plugins\ua27304.dll %program_files%\winantivirus pro 2006\plugins\ua27303.dll %program_files%\winantivirus pro 2006\plugins\ua27302.dll %program_files%\winantivirus pro 2006\plugins\ua27301.dll %program_files%\winantivirus pro 2006\plugins\ua27217.dll %program_files%\winantivirus pro 2006\plugins\ua27216.dll %program_files%\winantivirus pro 2006\plugins\ua27215.dll 
%program_files%\winantivirus pro 2006\plugins\ua27214.dll %program_files%\winantivirus pro 2006\plugins\ua27213.dll %program_files%\winantivirus pro 2006\plugins\ua27212.dll %program_files%\winantivirus pro 2006\plugins\ua27211.dll %program_files%\winantivirus pro 2006\plugins\ua27210.dll %program_files%\winantivirus pro 2006\plugins\ua27209.dll %program_files%\winantivirus pro 2006\plugins\ua27208.dll %program_files%\winantivirus pro 2006\plugins\ua27207.dll %program_files%\winantivirus pro 2006\plugins\ua27206.dll %program_files%\winantivirus pro 2006\plugins\ua27205.dll %program_files%\winantivirus pro 2006\plugins\ua27204.dll %program_files%\winantivirus pro 2006\plugins\ua27203.dll %program_files%\winantivirus pro 2006\plugins\ua27202.dll %program_files%\winantivirus pro 2006\plugins\ua27201.dll %program_files%\winantivirus pro 2006\plugins\scanwin1.dll %program_files%\winantivirus pro 2006\plugins\scantroj.dll %program_files%\winantivirus pro 2006\plugins\scantool.dll %program_files%\winantivirus pro 2006\plugins\scanscr.dll %program_files%\winantivirus pro 2006\plugins\scanothr.dll %program_files%\winantivirus pro 2006\plugins\scanmcr1.dll %program_files%\winantivirus pro 2006\plugins\scankrnl.dll %program_files%\winantivirus pro 2006\plugins\scanfunc.dll %program_files%\winantivirus pro 2006\plugins\scandos1.dll %program_files%\winantivirus pro 2006\plugins\scandldr.dll %program_files%\winantivirus pro 2006\plugins\scanbcdr.dll %program_files%\winantivirus pro 2006\msvcr71.dll %program_files%\winantivirus pro 2006\plugins\scanadwr.dll %program_files%\winantivirus pro 2006\plugins\borlndmm.dll %program_files%\winantivirus pro 2006\msvcp71.dll %program_files%\winantivirus pro 2006\mfc71.dll %program_files%\winantivirus pro 2006\iefwbho.dll %program_files%\winantivirus pro 2006\fopnl.dll %program_files%\winantivirus pro 2006\download\qzcqublp\uadaily.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\uadaily.dll %program_files%\winantivirus pro 
2006\download\ccniyvgs\ua27304.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\ua27303.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\ua27301.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\scankrnl.dll %program_files%\winantivirus pro 2006\atl71.dll %program_files%\winantivirus pro 2006\plugins\update\ua27305.dll %program_files%\winantivirus pro 2006\plugins\update\ua27304.dll %program_files%\winantivirus pro 2006\plugins\update\ua27303.dll %program_files%\winantivirus pro 2006\plugins\update\ua27302.dll %program_files%\winantivirus pro 2006\plugins\update\ua27301.dll %program_files%\winantivirus pro 2006\plugins\update\ua27217.dll %program_files%\winantivirus pro 2006\plugins\update\ua27216.dll %program_files%\winantivirus pro 2006\plugins\update\ua27215.dll %program_files%\winantivirus pro 2006\plugins\update\ua27214.dll %program_files%\winantivirus pro 2006\plugins\update\ua27213.dll %program_files%\winantivirus pro 2006\plugins\update\ua27212.dll %program_files%\winantivirus pro 2006\plugins\update\ua27211.dll %program_files%\winantivirus pro 2006\plugins\update\ua27210.dll %program_files%\winantivirus pro 2006\plugins\update\ua27209.dll %program_files%\winantivirus pro 2006\plugins\update\ua27208.dll %program_files%\winantivirus pro 2006\plugins\update\ua27207.dll %program_files%\winantivirus pro 2006\plugins\update\ua27206.dll %program_files%\winantivirus pro 2006\plugins\update\ua27205.dll %program_files%\winantivirus pro 2006\plugins\update\ua27204.dll %program_files%\winantivirus pro 2006\plugins\update\ua27203.dll %program_files%\winantivirus pro 2006\plugins\update\ua27202.dll %program_files%\winantivirus pro 2006\plugins\unpepack.dll %program_files%\winantivirus pro 2006\plugins\update\ua27201.dll %program_files%\winantivirus pro 2006\plugins\unpacks2.dll %program_files%\winantivirus pro 2006\plugins\unpacks.dll %program_files%\winantivirus pro 2006\plugins\unpack.dll %program_files%\winantivirus pro 
2006\plugins\unmime.dll %program_files%\winantivirus pro 2006\plugins\unamscan.dll %program_files%\winantivirus pro 2006\plugins\unadbx.dll %program_files%\winantivirus pro 2006\plugins\unacpu.dll %program_files%\winantivirus pro 2006\plugins\uadaily.dll %program_files%\winantivirus pro 2006\sporder.dll %program_files%\winantivirus pro 2006\rulsrv.dll %program_files%\winantivirus pro 2006\rpt.dll %program_files%\winantivirus pro 2006\plugins\update\uadaily.dll %program_files%\winantivirus pro 2006\plugins\update\ua27308.dll %program_files%\winantivirus pro 2006\plugins\update\ua27307.dll %program_files%\winantivirus pro 2006\plugins\update\ua27306.dll %program_files%\winantivirus pro 2006\winpgi.dll %program_files%\winantivirus pro 2006\wav6com.dll %program_files%\winantivirus pro 2006\sqlite3.dll %program_files%\winantivirus pro 2006\avkernel.dll %program_files%\winantivirus pro 2006\asmngr.dll %program_files%\common files\winantivirus pro 2006\wapchk.dll wapchk{5c092e82-a2b0-442b-bc0b-b84bda5ffbd1}.dll you will need to search for these files and delete them: ~wa6psetup.exe 3025389 3025391 3025396 3025397 3025402 3025405 3025408 3025411 3025417 3025422 3025424 3025624 3025627 3025629 3025638 3025643 3025644 3025645 3025646 3025647 3025648 3025649 3025654 3025657 3025658 3025659 3025664 3025665 3025671 613d6c0a.exe a0013895.ex_ activate.exe asmngr.dll av.cpl avkernel.dll compwiz.ex_ compwiz.exe e21cf2ed.exe.lnk fat.exe fopn.exe fopn.sys fopnl.dll fwsvc.exe iefwbho.dll install winantivirus pro 2006 .lnk install.exe insthelp.exe pv.exe rpt.dll rulsrv.dll scanadwr.dll scanbcdr.dll scandos1.dll scanfunc.dll scankrnl.dll scanmcr1.dll scanothr.dll scantool.dll scantroj.dll scanwin1.dll setup.exe sqlite3.dll stera.exe ua27201.dll ua27203.dll ua27204.dll ua27206.dll ua27207.dll ua27209.dll ua27210.dll ua27212.dll ua27213.dll ua27214.dll ua27215.dll ua27216.dll ua27217.dll ua27301.dll ua27302.dll ua27303.dll ua27304.dll ua27305.dll ua27306.dll ua27307.dll ua27308.dll 
uadaily.dll unadbx.dll unamscan.dll uninstall winantivirus pro 2006.lnk uninstallpage.html unmime.dll unpack.dll unpacks.dll unpacks2.dll unpepack.dll updater.exe uwa6p_0001_n91m1807netinstaller.exe uwa6p_0001_n91m1807netinstaller.inf uwa6pcw.exe vaext.exe vspf_hk5.sys vspf5.sys wapchk.dl_ wapchk.dll winantiviruspro2006freeinstall_de.exe winav.exe winav.xml winpgi.dll %common_desktopdirectory%\winantivirus pro 2006.lnk %common_programs%\winantivirus pro 2006\uninstall winantivirus pro 2006.lnk %common_programs%\winantivirus pro 2006\winantivirus pro 2006 manual.lnk %common_programs%\winantivirus pro 2006\winantivirus pro 2006.lnk %profile%\application data\winantivirus pro 2006\logs\update.log %profile%\application data\winantivirus pro 2006\logs\wa6support.log %profile%\application data\winantivirus pro 2006\logs\winav.log wapchk{5c092e82-a2b0-442b-bc0b-b84bda5ffbd1}.dll wav6com.dll winantivirus pro 2006 manual.lnk winantivirus pro 2006.lnk winantiviruspro2006freeinstall.exe %profile%\local settings\temp\~wa6psetup.exe %profile%\local settings\temp\icd1.tmp\uwa6p_0001_n91m1807netinstaller.exe %profile%\local settings\temp\icd1.tmp\uwa6p_0001_n91m1807netinstaller.inf %program_files%\common files\uwa6pcw.exe %program_files%\common files\winantivirus pro 2006\wapchk.dll %program_files%\winantivirus pro 2006\activate.exe %program_files%\winantivirus pro 2006\atl71.dll %program_files%\winantivirus pro 2006\av.ini %program_files%\winantivirus pro 2006\avcom.log %program_files%\winantivirus pro 2006\avkernel.dll %program_files%\winantivirus pro 2006\awbase\database\enemies.dat %program_files%\winantivirus pro 2006\awbase\vbpv.dat %program_files%\winantivirus pro 2006\bksites.dat %program_files%\winantivirus pro 2006\bnlink.dat %program_files%\winantivirus pro 2006\bpupdater.dat %program_files%\winantivirus pro 2006\sporder.dll %program_files%\winantivirus pro 2006\updater.exe %program_files%\winantivirus pro 2006\vaext.exe %program_files%\winantivirus pro 
2006\wav6com.dll %program_files%\winantivirus pro 2006\winav.exe %program_files%\winantivirus pro 2006\winav.xml %program_files%\winantivirus pro 2006\winpgi.dll %program_files%\winantivirus pro 2006\worldmap.swf %system%\stera.exe %windows%\temp\~wa6psetup.exe %program_files%\winantivirus pro 2006\plugins\update\ua27305.dll %program_files%\winantivirus pro 2006\plugins\update\ua27306.dll %program_files%\winantivirus pro 2006\plugins\update\ua27307.dll %program_files%\winantivirus pro 2006\plugins\update\ua27308.dll %program_files%\winantivirus pro 2006\plugins\update\uadaily.dll %program_files%\winantivirus pro 2006\plugins\update\wininit.ini %program_files%\winantivirus pro 2006\plugins\vbpv.dat %program_files%\winantivirus pro 2006\pmedium.bin %program_files%\winantivirus pro 2006\prc.dat %program_files%\winantivirus pro 2006\prerules.xml %program_files%\winantivirus pro 2006\programs.bin %program_files%\winantivirus pro 2006\ps.dat %program_files%\winantivirus pro 2006\pv.dat %program_files%\winantivirus pro 2006\pv.exe %program_files%\winantivirus pro 2006\res\cross.gif %program_files%\winantivirus pro 2006\res\register.gif %program_files%\winantivirus pro 2006\res\wa6p.gif %program_files%\winantivirus pro 2006\rpt.dll %program_files%\winantivirus pro 2006\rulsrv.dll %program_files%\winantivirus pro 2006\settings.bin %program_files%\winantivirus pro 2006\sqlite3.dll %program_files%\winantivirus pro 2006\sr.log %program_files%\winantivirus pro 2006\st.dat %program_files%\winantivirus pro 2006\support.url %program_files%\winantivirus pro 2006\ubupdater.dat %program_files%\winantivirus pro 2006\unins000.dat %program_files%\winantivirus pro 2006\unins000.exe %program_files%\winantivirus pro 2006\uninstall.ico %program_files%\winantivirus pro 2006\uninstallpage.html %program_files%\winantivirus pro 2006\up.dat %program_files%\winantivirus pro 2006\updater.dat %program_files%\winantivirus pro 2006\plugins\ua27308.dll %program_files%\winantivirus pro 
2006\plugins\uadaily.dll %program_files%\winantivirus pro 2006\plugins\unacpu.dll %program_files%\winantivirus pro 2006\plugins\unadbx.dll %program_files%\winantivirus pro 2006\plugins\unamscan.dll %program_files%\winantivirus pro 2006\plugins\unmime.dll %program_files%\winantivirus pro 2006\plugins\unpack.dll %program_files%\winantivirus pro 2006\plugins\unpacks.dll %program_files%\winantivirus pro 2006\plugins\unpepack.dll %program_files%\winantivirus pro 2006\plugins\update\.ua27215.dll.uqvnur %program_files%\winantivirus pro 2006\plugins\update\.uadaily.dll.srutf8 %program_files%\winantivirus pro 2006\plugins\unpacks2.dll %program_files%\winantivirus pro 2006\plugins\update\ua27201.dll %program_files%\winantivirus pro 2006\plugins\update\ua27202.dll %program_files%\winantivirus pro 2006\plugins\update\ua27203.dll %program_files%\winantivirus pro 2006\plugins\update\ua27204.dll %program_files%\winantivirus pro 2006\plugins\update\ua27205.dll %program_files%\winantivirus pro 2006\plugins\update\ua27206.dll %program_files%\winantivirus pro 2006\plugins\update\ua27207.dll %program_files%\winantivirus pro 2006\plugins\update\ua27208.dll %program_files%\winantivirus pro 2006\plugins\update\ua27209.dll %program_files%\winantivirus pro 2006\plugins\update\ua27210.dll %program_files%\winantivirus pro 2006\plugins\update\ua27211.dll %program_files%\winantivirus pro 2006\plugins\update\ua27212.dll %program_files%\winantivirus pro 2006\plugins\update\ua27213.dll %program_files%\winantivirus pro 2006\plugins\update\ua27214.dll %program_files%\winantivirus pro 2006\plugins\update\ua27215.dll %program_files%\winantivirus pro 2006\plugins\update\ua27216.dll %program_files%\winantivirus pro 2006\plugins\update\ua27217.dll %program_files%\winantivirus pro 2006\plugins\update\ua27301.dll %program_files%\winantivirus pro 2006\plugins\update\ua27302.dll %program_files%\winantivirus pro 2006\plugins\update\ua27303.dll %program_files%\winantivirus pro 2006\plugins\update\ua27304.dll 
%program_files%\winantivirus pro 2006\asmngr.dll %program_files%\winantivirus pro 2006\asupdater.dat %program_files%\winantivirus pro 2006\compwiz.exe %program_files%\winantivirus pro 2006\download\ccniyvgs\index.html %program_files%\winantivirus pro 2006\download\ccniyvgs\scankrnl.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\ua27301.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\ua27303.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\ua27304.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\uadaily.dll %program_files%\winantivirus pro 2006\download\ccniyvgs\vbpv.dat %program_files%\winantivirus pro 2006\download\qzcqublp\uadaily.dll %program_files%\winantivirus pro 2006\fat.exe %program_files%\winantivirus pro 2006\fopn.exe %program_files%\winantivirus pro 2006\fopn.sys %program_files%\winantivirus pro 2006\fopnl.dll %program_files%\winantivirus pro 2006\fwsvc.exe %program_files%\winantivirus pro 2006\history.db %program_files%\winantivirus pro 2006\iefwbho.dll %program_files%\winantivirus pro 2006\img\button.gif %program_files%\winantivirus pro 2006\img\button2.gif %program_files%\winantivirus pro 2006\img\header.gif %program_files%\winantivirus pro 2006\img\logo.gif %program_files%\winantivirus pro 2006\img\spacer.gif %program_files%\winantivirus pro 2006\img\thumbs.db %program_files%\winantivirus pro 2006\img\top_line.gif %program_files%\winantivirus pro 2006\img\top1.jpg %program_files%\winantivirus pro 2006\img\top2.jpg %program_files%\winantivirus pro 2006\index.dat %program_files%\winantivirus pro 2006\insthelp.exe %program_files%\winantivirus pro 2006\lapv.dat %program_files%\winantivirus pro 2006\license.rtf %program_files%\winantivirus pro 2006\install.exe %program_files%\winantivirus pro 2006\mfc71.dll %program_files%\winantivirus pro 2006\msvcr71.dll %program_files%\winantivirus pro 2006\online.url %program_files%\winantivirus pro 2006\pgbase\vbpv.dat %program_files%\winantivirus pro 2006\pgupdater.dat 
%program_files%\winantivirus pro 2006\phigh.bin %program_files%\winantivirus pro 2006\plugins\.ua27215.dll.uqvnur %program_files%\winantivirus pro 2006\plugins\.uadaily.dll.srutf8 %program_files%\winantivirus pro 2006\plugins\borlndmm.dll %program_files%\winantivirus pro 2006\plugins\index.html %program_files%\winantivirus pro 2006\plugins\newvir.dat %program_files%\winantivirus pro 2006\msvcp71.dll %program_files%\winantivirus pro 2006\plugins\scanadwr.dll %program_files%\winantivirus pro 2006\plugins\scanbcdr.dll %program_files%\winantivirus pro 2006\plugins\scandldr.dll %program_files%\winantivirus pro 2006\plugins\scandos1.dll %program_files%\winantivirus pro 2006\plugins\scanfunc.dll %program_files%\winantivirus pro 2006\plugins\scankrnl.dll %program_files%\winantivirus pro 2006\plugins\scanmcr1.dll %program_files%\winantivirus pro 2006\plugins\scanothr.dll %program_files%\winantivirus pro 2006\plugins\scanscr.dll %program_files%\winantivirus pro 2006\plugins\scantool.dll %program_files%\winantivirus pro 2006\plugins\scantroj.dll %program_files%\winantivirus pro 2006\plugins\scanwin1.dll %program_files%\winantivirus pro 2006\plugins\set6d.tmp %program_files%\winantivirus pro 2006\plugins\setd.tmp %program_files%\winantivirus pro 2006\plugins\ua27201.dll %program_files%\winantivirus pro 2006\plugins\ua27202.dll %program_files%\winantivirus pro 2006\plugins\ua27203.dll %program_files%\winantivirus pro 2006\plugins\ua27204.dll %program_files%\winantivirus pro 2006\plugins\ua27205.dll %program_files%\winantivirus pro 2006\plugins\ua27206.dll %program_files%\winantivirus pro 2006\plugins\ua27207.dll %program_files%\winantivirus pro 2006\plugins\ua27208.dll %program_files%\winantivirus pro 2006\plugins\ua27209.dll %program_files%\winantivirus pro 2006\plugins\ua27210.dll %program_files%\winantivirus pro 2006\plugins\ua27211.dll %program_files%\winantivirus pro 2006\plugins\ua27212.dll %program_files%\winantivirus pro 2006\plugins\ua27213.dll 
%program_files%\winantivirus pro 2006\plugins\ua27214.dll
%program_files%\winantivirus pro 2006\plugins\ua27215.dll
%program_files%\winantivirus pro 2006\plugins\ua27216.dll
%program_files%\winantivirus pro 2006\plugins\ua27217.dll
%program_files%\winantivirus pro 2006\plugins\ua27301.dll
%program_files%\winantivirus pro 2006\plugins\ua27302.dll
%program_files%\winantivirus pro 2006\plugins\ua27303.dll
%program_files%\winantivirus pro 2006\plugins\ua27304.dll
%program_files%\winantivirus pro 2006\plugins\ua27305.dll
%program_files%\winantivirus pro 2006\plugins\ua27306.dll
%program_files%\winantivirus pro 2006\plugins\ua27307.dll
Delete these directories:
%profile%\application data\winantivirus pro 2006
%program_files%\common files\winantivirus pro 2006
%program_files%\winantivirus pro 2006
%program_files%\winantivirus pro 2006\awbase
%program_files%\winantivirus pro 2006\awbase\database
%program_files%\winantivirus pro 2006\download
%program_files%\winantivirus pro 2006\img
%program_files%\winantivirus pro 2006\pgbase
%program_files%\winantivirus pro 2006\plugins
%program_files%\winantivirus pro 2006\plugins\update
%program_files%\winantivirus pro 2006\res
Let me know how it goes. I found this info here, but it took 5 minutes for the page to load (with a 6 Mbps connection), so I posted the relevant information here.
Last edited by DynamicTech; 11-28-2006 at 10:14 AM. |
|
|
|
|
|
#7 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
I tried to get into the registry earlier, but it beeps as I hit OK after typing regedit into the run box. Then it comes up with a message telling me that 'regedit is not a valid win32 application'!
Is there an alternative route into the registry? |
|
|
|
|
|
#8 |
|
Member (9 bit)
Join Date: Jan 2006
Posts: 343
|
Perform a search on your machine to see if regedit is still on there. If not, I'll post a copy for you to reinstall.
Just in case: Regedit. Place this in the C:\windows directory. This program could have corrupted regedit, so maybe you should replace it anyway.
Last edited by DynamicTech; 11-28-2006 at 10:48 AM. |
|
|
|
|
|
#9 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
I went through the above list and I cannot find any of the files I need to delete. The search is coming up dry each time.
I am about to try to sort those entries in the registry. I found them but could not open them for some reason. (I'm still in safe mode - Normal mode is crashing still) |
|
|
|
|
|
#10 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
It seems I can't delete these keys -
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce fat.exe
HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect
HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect.1
HKEY_CLASSES_ROOT\avexplorer.shellextension
HKEY_CLASSES_ROOT\avexplorer.shellextension.2
HKEY_CLASSES_ROOT\iefwbho.iefw
HKEY_CLASSES_ROOT\iefwbho.iefw.2
HKEY_CLASSES_ROOT\wap6.pcheck
HKEY_CLASSES_ROOT\wap6.pcheck.1
All the other items on the list, including keys, files and directories, do not exist on the computer. I am still affected with the crashing problem in normal mode. Just for the record, here's the current HJT log with the name changed to scan.exe.
Logfile of HijackThis v1.99.1
Scan saved at 15:48:14, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\scan.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LZDWAK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LZDWAK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
|
|
|
#11 |
|
Member (9 bit)
Join Date: Jan 2006
Posts: 343
|
Open regedt32. Click Edit >> Permissions and make sure your account has the permissions to edit the registry keys. You cannot edit the registry through this interface; you will have to close it down and open regedit for that. You may also try booting into safe mode to see if they can be deleted that way.
Does the system crash while you are scanning, or does it just crash sitting there? Have you used msconfig to turn off all TSRs? |
|
|
|
|
|
#12 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Hi
I will struggle to get time to work on this PC today; nevertheless, I will try my best. As far as the questions above go, I am doing all the work in Safe Mode. I am unable to do almost anything in Normal Mode as it crashes (reboots) after about 1 minute regardless of whether I'm doing anything or not. It even crashes at the initial page where we select which user account to use. I do have permission to edit the registry as I made a backup then deleted a key, before reinstating the backup. I turned off all the startups in Msconfig way at the start of this problem as one of the initial possible solutions.
I am loath to spend much more time on this machine as I really do have other things I must be getting on with, as I'm sure you have too. I feel like formatting and reinstalling XP. Patience is not one of my best features. I'll give it today and then I'll admit defeat (unless you are compelled to see this thing through).
Thanks
Alex |
|
|
|
|
|
#13 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
I tried to open regedit32 in Start>Run, but it could not find it. I also searched for it in the XP search facility. Once again, it came up dry.
|
|
|
|
|
|
#14 |
|
Member (6 bit)
Join Date: Sep 2003
Posts: 37
|
repair file
Try RUN> chkdsk /f. This should restore lost files.
|
|
|
|
|
|
#15 | |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Quote:
I tried to look at the running processes in normal mode prior to the system switching off. A file called wuauclt.exe was appearing just as it crashed, so I googled for info and discovered that it is a legit windows file. But also and interestingly, it can appear as a malicious file. So I had a look in the system32 folder (which does not show up in the WINDOWS folder even when hidden folders are set to be viewed), and found two sets of the file. One set of two had the windows logo and the other set was unrecognised as a file format. I deleted wuauclt.cll and a wuauclt without a file extension to see what would happen. I didn't delete them from the recycle bin just in case.
Lo and behold, the deletion of these files has cured the problem of the machine crashing. It has been on for around two hours constant now. I also restarted it a few times to ensure it was booting normally. Now I find that the System32 folder is opening on startup. What would cause that? There is also a wee text box opening with copyright info just above the tray. I ran the tools again just as I did in the first post.
Anyway, here is the latest HJT log run in Normal Mode:
Logfile of HijackThis v1.99.1
Scan saved at 16:06:16, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1137183239\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1137183239\ee\AOLServiceHost.exe
c:\program files\common files\aol\1137183239\ee\services\antiSpywareApp\ve r2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1137183239\ee\AOLServiceHost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\TrojanHunter 4.6\TrojanHunter.exe
C:\HJT\scan.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [obj 4 dart burn] C:\Documents and Settings\All Users\Application Data\warn soap obj 4\Hide Hold.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e34.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137183239\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e34.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~2\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0v\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LZDWAK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LZDWAK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
|
|
|
|
#16 |
|
Member (6 bit)
Join Date: Sep 2003
Posts: 37
|
battery test
Could this be a hardware problem? I have seen computers with a weak battery have that type of problem. If the clock is keeping correct time, then the battery would be OK (a small 3 volt battery that keeps the BIOS set). This is the case for laptop or desktop. If you can get to the BIOS, set the clock. Turn the computer off and disconnect the AC power for about four hours. Turn the computer back on, go to the BIOS and check the time. If the time is slow, then you have a weak battery.
|
|
|
|
|
|
#17 |
|
Not so new
|
Run MemTest86+ and test your memory for errors.
__________________
“To me there are three things everyone should do every day. Number one is laugh. Number two is think -- spend some time in thought. Number three, you should have your emotions move you to tears. If you laugh, think and cry, that's a heck of a day.” - Jim Valvano |
|
|
|
|
|
#18 |
|
Member (9 bit)
Join Date: Jan 2006
Posts: 343
|
Have a look at this article:
http://support.microsoft.com/?kbid=170086
Virus infections are tough to track down, and they wreak havoc on your registry. I could go on all day about them. Anyway, you're at the end of your road with this thing. Way to go keeping an eye out for rogue services. The people that write this crap mask their files as legitimate OS files. Sometimes you have to research legit files to verify they are what they are. With any luck you won't have to nuke and pave, especially after all the time you have spent on it. Good luck. |
|
|
|
|
|
#19 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
I tried to clean it up some more by doing what I normally do (use the Castlecops database).
Here is the HJT log as it stands now:
Logfile of HijackThis v1.99.1
Scan saved at 09:47:37, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\HJT\scan.exe.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~2\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0v\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LZDWAK - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LZDWAK.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
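An added example, not part of the original thread: a small Python triage pass over HijackThis O4 (Run) and O23 (service) lines like those in the logs above. The heuristics and function names are this example's own assumptions, not HijackThis logic, and a flag is a prompt to check the file, not a verdict.

```python
import re

# Constructed sample: O4/O23 lines copied from the HijackThis logs posted in
# this thread (the 30/11/2006 and 01/12/2006 scans).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [obj 4 dart burn] C:\Documents and Settings\All Users\Application Data\warn soap obj 4\Hide Hold.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e34.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e34.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LZDWAK - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LZDWAK.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\]\s*(.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.*)$")
MISSING = "(file missing)"


def image_path(command):
    """Return the executable part of a startup command, without arguments."""
    command = re.sub(r"\\{2,}", r"\\", command.strip())  # C:\\x.exe -> C:\x.exe
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)", command, re.I)
    return m.group(1) if m else command


def findings(command, vendor=None):
    """Heuristic review notes for one entry (assumed rules, see lead-in)."""
    notes = []
    command = command.strip()
    if command.endswith(MISSING):
        command = command[: -len(MISSING)]
        notes.append("target file missing")
    path = image_path(command)
    low = path.lower()
    if not path:
        notes.append("empty command")
    elif re.fullmatch(r"[a-z]:\\[^\\]+", low):
        notes.append("executable in drive root")
    if "\\temp\\" in low:
        notes.append("runs from Temp")
    if "\\application data\\" in low:
        notes.append("runs from Application Data")
    if vendor == "Unknown owner":
        notes.append("reported as Unknown owner")
    return notes


def triage(log_text):
    """Return {entry name: [notes]} for entries that deserve a manual look."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        run, svc = RUN_RE.match(line), SVC_RE.match(line)
        if run:
            name, notes = run.group(3), findings(run.group(4))
        elif svc:
            name, notes = svc.group(1), findings(svc.group(3), svc.group(2))
        else:
            continue
        if notes:
            flagged[name] = notes
    return flagged


if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(notes)}")
```

The ATI Smart service is flagged only because HijackThis could not name its vendor, which shows why each hit still needs the file itself checked before anything is removed.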
|
|
|
|
|
#20 |
|
Member (6 bit)
Join Date: Nov 2004
Posts: 58
|
Thanks for all the help. I have returned the computer to the customer, running very well. All back to normal. I tinkered with the log just before I returned it and it is now booting and running normally.
Many Thanks
Alex |
|
|
|
|
|
#21 |
|
Member (9 bit)
Join Date: Jan 2006
Posts: 343
|
That's good to hear. I'm glad you got it fixed.
|
|
|
|