TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Cephiro on February 20, 2008, 08:03:29 AM
-
Hi there guys.
About 8 months ago, I started getting BSODs at random on Windows XP Professional SP2, and so far, nothing I did seemed to solve it. It happens at random, but seems to happen more often if I happen to be playing something, but it still happens when only firefox or windows explorer is open. Some said that system files could be corrupt, so I formatted and reinstalled windows. That didn't do it. So, people said it could be the RAM. I ran memtestx86, and got no errors, but since I was still getting problems, I bought new RAM and replaced the old. That didn't help as well. I thought it could be the Video Card, and as it dies on me 2 days ago, I thought that might be it. So then I bought a new Video Card and I am still getting the same errors all over again. I don't know what to do, since I've seen pretty much every BSOD error in the book, and all that microsoft OCA could tell me was "possible causes: hardware or software error" ¬¬
Would upgrading to Vista solve something?
Well, I hope someone here can shed some light on the situation, as I don't know what else to do.
My computer was it was before:
Windows XP Professional Edition SP2 (all updated)
Intel Dual Core 2,8 GHz
HD Samsung 160 GB SATA
1GB RAM (2x 512MB DDR 400MHz Kingston)
XFX GeForce 6200 256 MB AGP
MB Gigabyte (I'll check about the model, but it has an Intel 865G Chipset)
As it is now:
Windows XP Professional Edition SP2 (all updated)
Intel Dual Core 2,8 GHz
HD Samsung 160 GB SATA + Maxtor 500GB USB
2GB RAM (2x 1024MB DDR 400MHz Kingston)
GeForce 7300GT 512 MB AGP
MB Gigabyte (I'll check about the model, but it has an Intel 865G Chipset)
-
The exact error message might help
Can you disable auto restart if set and post the BSOD message
Long stringed number and file name if one
Check to see if auto restart is set
Right click MyComputer>>Select Properties>>Advanced>>setting under Startup Recovery
Uncheck "Automatically Restart"
OK out of there
-
Thanks for the reply. Auto restart is already disabled.
The message always changes, but the most common is 0x0000000A (IRQL_NOT_LESS_OR_EQUAL), and recently (after installing the new video card) the 0x0000008E (KERNEL_MODE_EXCEPTION_NOT_HANDLED) has become more common.
Nevertheless, I've already gotten 0x0000004E, 0x00000050, 0x0000007F, 0x00000080, 0x000000C2, 0x000000D1, 0x000000FC as well as many others.
They appear at random, and point at random drivers, but some months ago nv4_disp.dll was the most common, and now win32k.sys has become the most common.
As far as I have seen, none is linked to any action on the computer. Sometimes I get one of those 2 minutes after windows has finished booting. =/
-
What make was the old video card you removed?
did you uninstall drivers before installing new card drivers?
If you look in device manager do you see any problems?
-
The old video card was a XFX GeForce 6200 256MB AGP. Drivers were removed, and whatever was left was removed with Driver Cleaner. Then I installed the most up-to-date drivers.
There are no problems in Device Manager, but I find the fact that some things are sharing the same IRQ quite strange.
No errors in the Event Viewer either.
-
Do you have any dump files?
Navigate to x:\Windows\Minidump folder
Try uploading the last 4 to a reply back here, they will have dates
Zip them up first to the same folder
-
There you go. Dunno if these can help though. =/
I don't save a dump file every time it crashes.
[quote name=\'guestolo\' post=\'422219\' date=\'Feb 21 2008, 12:10 AM\']Do you have any dump files?
Navigate to x:\Windows\Minidump folder
Try uploading the last 4 to a reply back here, they will have dates
Zip them up first to the same folder[/quote]
-
I was hoping the 4 logs would point to one thing, but they're pointing to a few
May be driver related
It appears that you may have blue screened a few times today
One pointed towards Avast, however I don't think that's the problem
I would try and clean boot of XP and try running like that for awhile and see if it blue screens
http://support.microsoft.com/kb/310353 (http://\"http://support.microsoft.com/kb/310353\")
Note: If you run software firewall besides the one built into Windows
If you do disable it for troubleshooting purposes, ensure to enable the XP firewall afterwards
If it doesn't blue screen, we may be able to trial and error the problem
-
Yeah, my computer crashed randomly a few times today...
The thing with this computer is, whenever you change something major (i.e drivers, memory placement, startup programs) it stays stable for a week or two, then it starts crashing again. That's the most infuriating part, because you never know if you are doing something right or not. It stays stable for a couple of weeks, than goes into an unusable state for 2 or 3 days, keeps stable for a week, then 2 or 3 more days of crashing...
By the way, I got a BSOD within 20 minutes after a clean XP install, when it only had a couple of things installed, but strangely enough, it happened only after I installed the nVidia drivers.
Maybe changing to custom drivers solves something....
-
Where did you get the drivers from for your video card?
-
The official website, http://www.nvidia.com (http://\"http://www.nvidia.com\")
[quote name=\'guestolo\' post=\'422224\' date=\'Feb 21 2008, 12:57 AM\']Where did you get the drivers from for your video card?[/quote]
-
keeps stable for a week, then 2 or 3 more days of crashing...
Are you doing anything different at the time?
running any particular program or using any different hardware that may cause the problem?
running any scans in the background?
Think hard, it may help
-
As far as I remember, when the computer is behaving like that, it crashes over simple things, like browsing google on firefox, watching a video on Media Player Classic, or simply using Windows Explorer. At most, BitComet, Emule and Winamp might have been running then, but they are running most of the time (even now). Most of the time it crashes when I'm only reading something on the internet (nothing resource consuming running or anything).
No scans were running, as far as I know.
[quote name=\'guestolo\' post=\'422226\' date=\'Feb 21 2008, 01:05 AM\']Are you doing anything different at the time?
running any particular program or using any different hardware that may cause the problem?
running any scans in the background?
Think hard, it may help[/quote]
-
At most, BitComet, Emule and Winamp might have been running then, but they are running most of the time (even now).
It may very well be Emule or BitComet causing problems
You could try troubleshooting it on your end, if it Blue screens without those programs running in the background
They may be the cause
-
I already tried that. Sometimes it crashes before I can even load anything on windows.
And sometimes, like today, it blue screens before windows is completely loaded.
I tried unloading WindowBlinds, so let's see what happens. If it still crashes, I'll try changing the video drivers to custom ones. It that doesn't help, I'll probably format everything and upgrade to Vista.
[quote name=\'guestolo\' post=\'422244\' date=\'Feb 21 2008, 10:21 AM\']It may very well be Emule or BitComet causing problems
You could try troubleshooting it on your end, if it Blue screens without those programs running in the background
They may be the cause[/quote]
-
WindowsBlinds has been know to cause bluescreens
What USB devices do you have plugged into computer?
-
Well, if it solves something, I'll have to do without WindowBlinds... I hate the normal windows UI, but oh well...
As far as USB devices go, normally only my printer/scanner, a Lexmark X1195 is connected all the time. But it is also off most of the time. Lately, I also have my USB joystick and External HDD, but I didn't have those when the computer started crashing.
[quote name=\'guestolo\' post=\'422246\' date=\'Feb 21 2008, 11:06 AM\']WindowsBlinds has been know to cause bluescreens
What USB devices do you have plugged into computer?[/quote]
-
What's exact make/model of computer
Did you ensure to install latest motherboard/chipset drivers?
-
The computer is a custom build.
The specs are as stated on my first post, and the mother board is a GA-8I865GME-775 from Gigabyte.
I updated the motherboard and chipset drivers as soon as the problem started happening. Seemed to solve it for 3 days or so.
[quote name=\'guestolo\' post=\'422248\' date=\'Feb 21 2008, 11:29 AM\']What's exact make/model of computer
Did you ensure to install latest motherboard/chipset drivers?[/quote]
-
Just crashed again. 0x0000007F =/
I'm sending the dumps for the 2 times it crashed today (2 times in 2 hours).
WindoBlinds was disabled when it crashed, so...
Removed one of the RAM sticks. Let's see how it works.
-
Removed one of the RAM sticks. Let's see how it works.
Here's more info
http://support.microsoft.com/kb/137539 (http://\"http://support.microsoft.com/kb/137539\")
-
Don't you just LOVE the way microsoft puts things?
"CAUSE: Your computer has software or hardware problems" ¬¬
The other number on it was 0x00000099 which isn't on the list. =/
So far, the computer looks quite stable, so it is possible that I have a malfunctioning RAM slot. I'll leave it running for a couple more of days to see if it remains stable.
[quote name=\'guestolo\' post=\'422307\' date=\'Feb 22 2008, 12:16 AM\']Here's more info
http://support.microsoft.com/kb/137539 (http://\"http://support.microsoft.com/kb/137539\")[/quote]
-
Ok, 1 day running without problems, then it crashes twice with 0x0000000A (IRQL_NOT_LESS_OR_EQUAL)
Changed the RAM slot. Let's see how it works this time.
-
Ok, 4 days without any blue screens. As a test, today I put in the second RAM stick, and in less than 10 minutes I got 2 blue screens (7E before windows loaded and 0A 2 minutes after it finally loaded).
So, I guess I either really have a malfunctioning RAM slot, or Windows Xp just doesn't like it for some reason.. Do you guys think upgrading to Vista might solve it?
Apart from that, my computer has started behaving strangely today. Every program I try to start freezes before fully loading, and the computer just refuses to restart/shutdown. I think it's a nasty trojan or something, but I don't really know... (I'll move this to another thread if it shouldn't be here)
[quote name=\'Cephiro\' post=\'422317\' date=\'Feb 22 2008, 10:21 AM\']Ok, 1 day running without problems, then it crashes twice with 0x0000000A (IRQL_NOT_LESS_OR_EQUAL)
Changed the RAM slot. Let's see how it works this time.[/quote]
-
Sounds as if the one Ram stick is having a compatibility issue
Compare both. The good one and the one that causes computer to blue screen
Buy identical to the good one
What motherboard from Gigabyte do you have?
I don't think you posted the model number
Concerning the possible trojan
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color] (http://\"http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe\")
For an alternate download location, you can try HERE (http://\"http://fileforum.betanews.com/detail/HijackThis/1071179190/1\")
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum
-
Both RAM sticks are identical and were bought together (2x 1GB DDR PC3200 400MHz Kingston), and the ones thet I used before were also identical and were bought together (2x 512MB DDR PC3200 400MHz Kingston).
My motherboard is a Gigabyte GA-8I865GME-775.
HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0:24:22, on 2008/02/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\ダウンãƒãƒ¼ãƒ‰\HiJackThis_v2.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: WebPerform - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\WINDOWS\system32\webperform.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ã™ã¹ã¦ã®å‹•ç”»ã‚’BitCometã§ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: リンク先を &BitComet ã§ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã™ã‚‹ - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: å…¨ã¦ã®ãƒªãƒ³ã‚¯ã‚’ BitComet ã§ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã™ã‚‹ - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun 㮠Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199051698762 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199051698762\")
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7650 bytes
-
It does appear that you have the right ram then, according to Crucial
http://www.crucial.com/store/listparts.asp...GA-8I865GME-775 (http://\"http://www.crucial.com/store/listparts.aspx?model=GA-8I865GME-775\")
Can you delete your version of Hijackthis and download the version I linked to
Yours is out of date
Post a fresh hijackthis log
Also, supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
-
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:16, on 2008/02/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: WebPerform - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\WINDOWS\system32\webperform.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ã™ã¹ã¦ã®å‹•ç”»ã‚’BitCometã§ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: リンク先を &BitComet ã§ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã™ã‚‹ - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: å…¨ã¦ã®ãƒªãƒ³ã‚¯ã‚’ BitComet ã§ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã™ã‚‹ - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun 㮠Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199051698762 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199051698762\")
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7411 bytes
--------------------------------------------------------------------------------------------------
Uninstall list:
Ad-Aware 2007
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.0 - Japanese
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
a-squared Free 3.0
AudioConvert
avast! Antivirus
AVS Video Converter 4.3.1.371
Battlefield 2(tm)
BitComet 0.97
CCleaner (remove only)
ConvertXtoDVD 2.2.2.256
DH Driver Cleaner Professional Edition
Double Vibration Controller 3
DVD Shrink 3.2
EasyCleaner
Frets On Fire
Google Earth
GraphPad Prism 4
HijackThis 2.0.2
Hot CPU Tester Pro 4.3
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Java(tm) 6 Update 3
K-Lite Mega Codec Pack 3.6.2
Lexmark X1100 Series
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.6.93
Maxtor Manager
Maxtor Manager
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 用㮠Security Update (KB928365)
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.12)
Mozilla Thunderbird (2.0.0.9)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 8 Demo
neroxml
NVIDIA Drivers
PDF Settings
PSP Video Express(remove only)
Realtek AC'97 Audio
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Sid Meier's Pirates!
SPSS 14.0 for Windows Evaluation Version
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Star Wars Battlefront II
SWF Opener
System Requirements Lab
Total Video Converter 2.603
Tracks Eraser Pro v7.0
TrueCrypt
Uniblue RegistryBooster 2
Uniblue SpyEraser
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Winamp
Winamp Japanese Language Pack 0.2
WindowBlinds
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player (KB911564) ã‚»ã‚ュリティå•é¡Œã®ä¿®æ£ãƒ—ãƒã‚°ãƒ©ãƒ
Windows Media Player 6.4 (KB925398) ã‚»ã‚ュリティå•é¡Œã®ä¿®æ£ãƒ—ãƒã‚°ãƒ©ãƒ
Windows Media Player 9 (KB936782) ã‚»ã‚ュリティå•é¡Œã®ä¿®æ£ãƒ—ãƒã‚°ãƒ©ãƒ
Windows XP (KB923689) ã‚»ã‚ュリティå•é¡Œã®ä¿®æ£ãƒ—ãƒã‚°ãƒ©ãƒ
Windows XP (KB941569) ã‚»ã‚ュリティå•é¡Œã®ä¿®æ£ãƒ—ãƒã‚°ãƒ©ãƒ
Windows XP ã‚»ã‚ュリティ更新 (KB893756)
Windows XP ã‚»ã‚ュリティ更新 (KB896358)
Windows XP ã‚»ã‚ュリティ更新 (KB896423)
Windows XP ã‚»ã‚ュリティ更新 (KB896428)
Windows XP ã‚»ã‚ュリティ更新 (KB899587)
Windows XP ã‚»ã‚ュリティ更新 (KB899591)
Windows XP ã‚»ã‚ュリティ更新 (KB900725)
Windows XP ã‚»ã‚ュリティ更新 (KB901017)
Windows XP ã‚»ã‚ュリティ更新 (KB901190)
Windows XP ã‚»ã‚ュリティ更新 (KB901214)
Windows XP ã‚»ã‚ュリティ更新 (KB902400)
Windows XP ã‚»ã‚ュリティ更新 (KB905414)
Windows XP ã‚»ã‚ュリティ更新 (KB905749)
Windows XP ã‚»ã‚ュリティ更新 (KB908519)
Windows XP ã‚»ã‚ュリティ更新 (KB911562)
Windows XP ã‚»ã‚ュリティ更新 (KB911927)
Windows XP ã‚»ã‚ュリティ更新 (KB913580)
Windows XP ã‚»ã‚ュリティ更新 (KB914388)
Windows XP ã‚»ã‚ュリティ更新 (KB914389)
Windows XP ã‚»ã‚ュリティ更新 (KB917953)
Windows XP ã‚»ã‚ュリティ更新 (KB918118)
Windows XP ã‚»ã‚ュリティ更新 (KB918439)
Windows XP ã‚»ã‚ュリティ更新 (KB919007)
Windows XP ã‚»ã‚ュリティ更新 (KB920213)
Windows XP ã‚»ã‚ュリティ更新 (KB920670)
Windows XP ã‚»ã‚ュリティ更新 (KB920683)
Windows XP ã‚»ã‚ュリティ更新 (KB920685)
Windows XP ã‚»ã‚ュリティ更新 (KB921503)
Windows XP ã‚»ã‚ュリティ更新 (KB922819)
Windows XP ã‚»ã‚ュリティ更新 (KB923191)
Windows XP ã‚»ã‚ュリティ更新 (KB923414)
Windows XP ã‚»ã‚ュリティ更新 (KB923789)
Windows XP ã‚»ã‚ュリティ更新 (KB923980)
Windows XP ã‚»ã‚ュリティ更新 (KB924270)
Windows XP ã‚»ã‚ュリティ更新 (KB924496)
Windows XP ã‚»ã‚ュリティ更新 (KB924667)
Windows XP ã‚»ã‚ュリティ更新 (KB925902)
Windows XP ã‚»ã‚ュリティ更新 (KB926436)
Windows XP ã‚»ã‚ュリティ更新 (KB927779)
Windows XP ã‚»ã‚ュリティ更新 (KB927802)
Windows XP ã‚»ã‚ュリティ更新 (KB928255)
Windows XP ã‚»ã‚ュリティ更新 (KB928843)
Windows XP ã‚»ã‚ュリティ更新 (KB929123)
Windows XP ã‚»ã‚ュリティ更新 (KB930178)
Windows XP ã‚»ã‚ュリティ更新 (KB931261)
Windows XP ã‚»ã‚ュリティ更新 (KB931784)
Windows XP ã‚»ã‚ュリティ更新 (KB932168)
Windows XP ã‚»ã‚ュリティ更新 (KB933729)
Windows XP ã‚»ã‚ュリティ更新 (KB935839)
Windows XP ã‚»ã‚ュリティ更新 (KB935840)
Windows XP ã‚»ã‚ュリティ更新 (KB936021)
Windows XP ã‚»ã‚ュリティ更新 (KB937894)
Windows XP ã‚»ã‚ュリティ更新 (KB938127)
Windows XP ã‚»ã‚ュリティ更新 (KB938829)
Windows XP ã‚»ã‚ュリティ更新 (KB941202)
Windows XP ã‚»ã‚ュリティ更新 (KB941568)
Windows XP ã‚»ã‚ュリティ更新 (KB941644)
Windows XP ã‚»ã‚ュリティ更新 (KB942615)
Windows XP ã‚»ã‚ュリティ更新 (KB943055)
Windows XP ã‚»ã‚ュリティ更新 (KB943460)
Windows XP ã‚»ã‚ュリティ更新 (KB943485)
Windows XP ã‚»ã‚ュリティ更新 (KB944533)
Windows XP ã‚»ã‚ュリティ更新 (KB944653)
Windows XP ã‚»ã‚ュリティ更新 (KB946026)
Windows XP ホットフィックス - KB873339
Windows XP ホットフィックス - KB885835
Windows XP ホットフィックス - KB885836
Windows XP ホットフィックス - KB886185
Windows XP ホットフィックス - KB886677
Windows XP ホットフィックス - KB887472
Windows XP ホットフィックス - KB888302
Windows XP ホットフィックス - KB890859
Windows XP ホットフィックス - KB891781
Windows XP æ›´æ–° (KB894391)
Windows XP æ›´æ–° (KB898461)
Windows XP æ›´æ–° (KB900485)
Windows XP æ›´æ–° (KB908531)
Windows XP æ›´æ–° (KB910437)
Windows XP æ›´æ–° (KB911280)
Windows XP æ›´æ–° (KB916595)
Windows XP æ›´æ–° (KB920872)
Windows XP æ›´æ–° (KB922582)
Windows XP æ›´æ–° (KB927891)
Windows XP æ›´æ–° (KB930916)
Windows XP æ›´æ–° (KB936357)
Windows XP æ›´æ–° (KB938828)
Windows XP æ›´æ–° (KB942763)
Windows XP æ›´æ–° (KB942840)
Windows XP æ›´æ–° (KB946627)
WinRAR archiver
WinZip 11.1
---------------------------------------------------------------------------------------------------
-
go to this link
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Copy and paste a few of those files, one at a time to the Upload a File
this entry:
C:\WINDOWS\system32\webperform.dll
Then use the SEND FILE button
Let it finish scanning
Could you post back the results this scan back here please
-
Here are the results:
aswUpdSv.exe - Prevx1 - - Heuristic: Suspicious Self Modifying File
NMBgMonitor.exe - Prevx1 - - Heuristic: Suspicious File With Code Injection Technology
TeaTimer.exe - Webwasher-Gateway 6.6.2 2008.02.23 Virus.Win32.FileInfector.gen!90(suspicious)
BitComet.exe - Sunbelt 2.2.907.0 2008.01.23 VIPRE.Suspicious
a2service.exe - eSafe 7.0.15.0 2008.02.21 suspicious Trojan/Worm
SyncServices.exe - Prevx1 - - Heuristic: Suspicious File With Code Injection Technology
plugin_eMule.exe - Prevx1 V2 2008.02.27 Heuristic: Suspicious Backdoor
ASHMAISV.EXE - Prevx1 - - Heuristic: Suspicious File With Mass Email Capabilities
ashwebsv.exe - Prevx1 - - Heuristic: Suspicious File With Covert Attributes
hijackthis.exe - eSafe 7.0.15.0 2008.02.21 suspicious Trojan/Worm
Panda 9.0.0.4 2008.02.24 Suspicious file
SpyEraser.exe - F-Prot 4.4.2.54 2008.02.26 W32/Agent.K.gen!Eldorado
- Prevx1 V2 2008.02.27 Heuristic: Suspicious File Which Interferes With Vulnerable Files Like The HostsFile
The rest didn't turn up any results.
In any case, regardless of what is open or not, when windows starts, any program you try to open hangs for 5 minutes before actually becoming usable. And on Task Manager the name of the user starting the processes remains blank for the same time. So I think either something that hogs up the resources is starting with windows all of a sudden, or I've got some undetected virus or something. Ah, if I stop svchost.exe (a 12.000KB+ process) and ctfmon.exe it speeds up things a little bit. However, I've already scanned both files on that website you sent me, and it didn't detect anything.
-
Sorry, I edited my last reply earlier
Did you scan this file?
C:\WINDOWS\system32\webperform.dll
If not can you please scan it
Also, can you do the following
Download and run AVG Rootkit scanner from here
http://free.grisoft.com/doc/downloads-prod...s/frt/0?prd=arw (http://\"http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=arw\")
Post back the results