Author Topic: Computer stuck rebooting  (Read 1392 times)

Lucifer
« on: May 25, 2007, 01:26:26 AM »
Ok I don't know how this got on my computer.  In the past I was stupid and downloaded and executed something that screwed me.

This time I was playing BF2142 and my computer crashed.  When I rebooted Avast started going crazy and then I would get a blue screen that a speed reader could not read fast enough.  I think it said something about running out of ram.

I got my system stable by searching for all the exe and other programs that were modified 5/24/07 at 11:39 or within a few minutes that were also created at that time and date.  I also removed a bunch of programs that were suddenly on my start up menu and deleted the files.

Anyway here is my HJT log


Logfile of HijackThis v1.99.1
Scan saved at 2:25:49 AM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170467007984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176156320609
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer = 150.61.25.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dx8.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Monitor Command Line Shell (Performance Monitor) - Unknown owner - C:\WINDOWS\perfmon.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
« Last Edit: May 25, 2007, 01:30:06 AM by Lucifer »

guestolo
« Reply #1 on: May 25, 2007, 09:01:57 AM »
Can you do the following please
Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.  A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
NOTE: running option #2 will remove your Desktop background, you will have to replace it in the Display options found in Control panel.

Back in Normal Windows
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the following
1. Post the log from Combofix
2. Post a fresh hijackthis log
3. Post the report from C:\Rapport.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Lucifer
« Reply #2 on: May 25, 2007, 10:42:57 AM »
Ok here are the combofix report, the HJT report and the smitfraud report.  


"Samuel L Jackson" - 2007-05-25 11:22:48    Service Pack 2  
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Samuel L Jackson\Desktop\"


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\dlh9jkd1q8.exe"
"C:\WINDOWS\system32\windev-2b62-47f3.sys"
"C:\WINDOWS\system32\windev-peers.ini"


(((((((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_PERFORMANCE_MONITOR
-------\Performance Monitor
-------\windev-2b62-47f3


(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-25  ))))))))))))))))))))))))))))))))))


2007-05-25 11:10   2,512   --a------   C:\WINDOWS\system32\tmp.reg
2007-05-25 02:13   127,208   --a------   C:\WINDOWS\system32\mucltui.dll
2007-05-25 00:56   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-05-24 23:41   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-24 23:39   13,332   --a------   C:\WINDOWS\system32\a3dx8.dll
2007-05-07 00:19   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-07 00:19   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-07 00:18   <DIR>   d--------   C:\Program Files\Picasa2
2007-05-07 00:18   <DIR>   d--------   C:\Program Files\Google
2007-05-06 23:01   <DIR>   d--------   C:\Program Files\7-Zip


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-25 15:03:48   --------   d-----w   C:\DOCUME~1\SAMUEL~1\APPLIC~1\OpenOffice.org2
2007-05-25 13:06:09   22,584   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-05-25 13:05:25   99,904   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2007-05-25 03:37:51   --------   d-s---w   C:\Program Files\Xfire
2007-05-24 15:01:51   --------   d-----w   C:\DOCUME~1\SAMUEL~1\APPLIC~1\Xfire
2007-05-11 01:03:25   63,040   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2007-04-30 15:33:31   --------   d-----w   C:\Program Files\hix
2007-04-18 16:12:23   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-04-13 20:45:51   --------   d-----w   C:\Program Files\2142 Sig Generator
2007-04-11 01:08:11   --------   d-----w   C:\Program Files\Hewlett-Packard
2007-04-11 01:07:59   --------   d--h--w   C:\Program Files\Zenographics
2007-04-09 22:48:09   --------   d-----w   C:\Program Files\EPSON
2007-04-09 22:20:31   --------   d-----w   C:\Program Files\Messenger
2007-04-09 21:14:58   --------   d-----w   C:\Program Files\Windows Media Connect 2
2007-04-09 20:32:30   --------   d-----w   C:\Program Files\TaxCut06
2007-04-09 20:31:02   51,716   ----a-w   C:\WINDOWS\system32\pdf995mon.dll
2007-04-09 20:31:02   118,784   ----a-w   C:\WINDOWS\system32\pdfmona.dll
2007-03-29 01:49:05   --------   d-----w   C:\Program Files\LeechFTP
2007-03-29 00:50:05   --------   d-----w   C:\Program Files\eBay
2007-03-29 00:32:16   --------   d-----w   C:\Program Files\Electronic Arts
2007-03-28 16:13:57   --------   d-----w   C:\Program Files\File Renamer
2007-03-28 16:13:28   108,988   ----a-w   C:\WINDOWS\File Renamer - Basic Uninstaller.exe
2007-03-26 15:35:06   49,152   ----a-r   C:\WINDOWS\system32\inetwh32.dll
2007-03-26 15:35:06   1,044,480   ----a-r   C:\WINDOWS\system32\roboex32.dll
2007-03-26 13:44:32   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-03-26 13:44:15   --------   d-----w   C:\Program Files\Canon
2007-03-17 13:43:01   292,864   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-14 06:14:15   --------   d-----w   C:\Program Files\E-Color
2007-03-08 15:36:28   577,536   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28   40,960   ----a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48   1,843,584   ----a-w   C:\WINDOWS\system32\win32k.sys
2007-03-07 17:57:48   --------   d-----w   C:\Program Files\ICQLite
2007-03-07 17:54:12   --------   d-----w   C:\DOCUME~1\SAMUEL~1\APPLIC~1\Help
2007-03-07 17:38:16   57,344   ----a-w   C:\WINDOWS\WNMHINDR.EXE
2007-03-07 17:38:16   24,576   ----a-w   C:\WINDOWS\system32\NMH040A.DLL
2007-03-07 17:37:41   --------   d-----w   C:\Program Files\DivX
2007-03-07 17:37:38   --------   d-----w   C:\Program Files\Home Media Networks Limited
2007-03-07 17:35:42   724,992   ----a-w   C:\WINDOWS\iun6002.exe
2007-02-05 20:17:02   185,344   ----a-w   C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 13:02]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SoundMan"="SOUNDMAN.EXE" []
"AsioReg"="REGSVR32.exe" [2004-08-04 08:00 C:\WINDOWS\system32\regsvr32.exe]
"WireLessMouse"="C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 13:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 13:28]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 06:06]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2003-04-10 13:16]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2003-04-10 13:23]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.exe" [2002-04-10 04:00]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 12:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
   

Contents of the 'Scheduled Tasks' folder
2007-05-25 15:20:07  C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 11:26:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2007-05-25 11:29:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 11:28

   --- E O F ---


rapport.txt



»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer=150.61.25.41
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer=150.61.25.41
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer=150.61.25.41
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer=150.61.25.41
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer=150.61.25.41
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer=150.61.25.41
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Logfile of HijackThis v1.99.1
Scan saved at 11:41:31 AM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170467007984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176156320609
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer = 150.61.25.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

guestolo
« Reply #3 on: May 25, 2007, 09:39:14 PM »
Delete this file if still around, exact spelling please
C:\WINDOWS\system32\a3dx8.dll <-this file

Do you recognize this domain address?
It doesn't appear to be related to your ISP, but can you confirm please if you know it
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41

This is the info I can find on it
Code:
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum:  150.11.0.0 - 150.100.255.255
netname:  JAPAN150
country:  JP
descr: Japan Network Information Center
admin-c:  JNIC1-AP
tech-c:   JNIC1-AP
status:   ALLOCATED PORTABLE
notify:   [email protected]
mnt-by:   MAINT-JPNIC
changed:  [email protected] 20060203
source:   APNIC

role: Japan Network Information Center
address:  Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address:  Chiyoda-ku, Tokyo 101-0047, Japan
country:  JP
phone: +81-3-5297-2311
fax-no:   +81-3-5297-2312
e-mail:   [email protected]
admin-c:  JI13-AP
tech-c:   JE53-AP
nic-hdl:  JNIC1-AP
mnt-by:   MAINT-JPNIC
changed:  [email protected] 20041222
changed:  [email protected] 20050324
changed:  [email protected] 20051027
source:   APNIC

How is everything running?

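
Added example, not part of any post in this thread: a Python sketch of the timestamp triage the original poster describes, cross-referenced against HijackThis autostart entries. The sample lines are copied from the ComboFix and HijackThis logs above; the function names, the 5-minute window, and reading the reported "11:39" as 23:39 (the time ComboFix shows) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the ComboFix "Files Created" section above.
COMBOFIX_CREATED = r"""
2007-05-25 11:10   2,512   --a------   C:\WINDOWS\system32\tmp.reg
2007-05-25 02:13   127,208   --a------   C:\WINDOWS\system32\mucltui.dll
2007-05-25 00:56   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-05-24 23:41   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-24 23:39   13,332   --a------   C:\WINDOWS\system32\a3dx8.dll
2007-05-07 00:19   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-07 00:18   <DIR>   d--------   C:\Program Files\Picasa2
"""

# Sample input: autostart lines copied from the first HijackThis log above.
HJT_AUTOSTARTS = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dx8.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption: the crash time reported in the first post, taken as 23:39.
REPORTED_TIME = datetime(2007, 5, 24, 23, 39)

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
# First drive-letter path that ends in a loadable-file extension.
# Entries that use environment variables (%systemroot%) are not expanded.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)
SECTION_RE = re.compile(r"^(O\d+) - ")


def parse_created(text):
    """Return [(created_datetime, path)] from ComboFix 'Files Created' lines."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            entries.append((when, m.group(4)))
    return entries


def created_in_window(text, center, minutes=5):
    """Entries created within +/- `minutes` of `center`."""
    window = timedelta(minutes=minutes)
    return [(w, p) for w, p in parse_created(text) if abs(w - center) <= window]


def parse_autostarts(text):
    """Map lower-cased target path -> [(HijackThis section, full line)]."""
    targets = {}
    for line in text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        path = PATH_RE.search(line)
        if section and path:
            targets.setdefault(path.group(0).lower(), []).append((section.group(1), line))
    return targets


def correlate(created_text, autostart_text, center, minutes=5):
    """Files created near `center` that an autostart entry also loads."""
    targets = parse_autostarts(autostart_text)
    hits = []
    for when, path in created_in_window(created_text, center, minutes):
        for section, line in targets.get(path.lower(), []):
            hits.append({"path": path, "created": when,
                         "section": section, "entry": line})
    return hits


if __name__ == "__main__":
    for hit in correlate(COMBOFIX_CREATED, HJT_AUTOSTARTS, REPORTED_TIME):
        print(hit["created"], hit["section"], hit["path"])
```

A file that is both new at the time of the crash and wired into a load point is the one worth examining first; a match is a lead for review, not proof the file is malicious.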


Lucifer
« Reply #4 on: May 25, 2007, 10:45:58 PM »
Well before I deleted that file I was having trouble going from one site to another.  Kept saying "looking for www.whatever".  Then after I got an error I would hit try again and it would load.

Now that I deleted that dll file I am no longer getting that error.

That domain is nothing that I recognize.  What do I need to do, run HJT and get rid of it?

Lucifer
« Reply #5 on: May 25, 2007, 10:53:23 PM »
Well it is running fine for most things.  I am still getting the page load error sometimes.  Must be a DNS problem in my network.

guestolo
« Reply #6 on: May 26, 2007, 10:14:30 AM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer = 150.61.25.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer = 150.61.25.41


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
NOTE: Only fix O17 entries with this address in the line >>150.61.25.41

Reboot your computer

Post a fresh hijackthis log afterwards

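
Added example, not part of any post in this thread: a Python check for the condition discussed in Replies #3 and #6, a static `NameServer` value that overrides the DHCP-supplied resolver with an address outside the local network. The sample is the DNS section of the rapport.txt posted above; the function names and the `trusted` allowlist parameter are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: DNS section copied from the rapport.txt posted in this thread.
RAPPORT_DNS = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer=150.61.25.41
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer=150.61.25.41
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer=150.61.25.41
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer=150.61.25.41
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2C66C77E-65B8-42F3-9EC4-D21819FEF2CB}: NameServer=150.61.25.41
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4E57524D-B08B-4BB3-B518-EED7B4C2814E}: NameServer=150.61.25.41
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
"""

# Accepts both the SmitfraudFix form and the HijackThis "O17 - ..." form.
LINE_RE = re.compile(
    r"^(?:O17 - )?HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-F-]+\})|Parameters):\s*"
    r"(?P<name>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*)$",
    re.IGNORECASE,
)


def split_servers(value):
    """A registry value may list several servers separated by commas or spaces."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def parse_dns_lines(text):
    """Return {(control_set, interface): {"static": [...], "dhcp": [...]}}."""
    table = defaultdict(lambda: {"static": [], "dhcp": []})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["cs"].upper(), (m["iface"] or "Parameters").upper())
        kind = "dhcp" if m["name"].lower() == "dhcpnameserver" else "static"
        table[key][kind].extend(split_servers(m["value"]))
    return dict(table)


def find_static_overrides(text, trusted=()):
    """Flag static resolvers that are neither DHCP-supplied, private, nor trusted."""
    table = parse_dns_lines(text)
    findings = []
    for (cs, iface), entry in sorted(table.items()):
        # DHCP resolvers: this interface's value plus the control set's global one.
        global_dhcp = table.get((cs, "PARAMETERS"), {}).get("dhcp", [])
        dhcp = set(entry["dhcp"]) | set(global_dhcp)
        for server in entry["static"]:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                reason = "unparseable static resolver"
            else:
                if server in dhcp or server in trusted or ip.is_private:
                    continue
                reason = "static resolver overrides DHCP with a public address"
            findings.append({"control_set": cs, "interface": iface,
                             "server": server, "dhcp": sorted(dhcp),
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_static_overrides(RAPPORT_DNS):
        print(f["control_set"], f["interface"], f["server"], "dhcp:", f["dhcp"])
```

Pass the resolvers you configured yourself (or your ISP's) in `trusted` so deliberate static settings are not reported.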


Lucifer
« Reply #7 on: May 26, 2007, 01:33:01 PM »
Alright, done that and rebooted.

Everything seems good.

The only problem I have, which I have had for a while now is when I go start->right click-> explore before I can even open any files on my c: drive I get "data execution prevention" and it shuts down explorer.  This is bugging the hell out of me.

I don't remember it happening when I first built this machine. But it is certainly happening now.

Could it be because of Punkbuster A or B?  

Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 2:25:29 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170467007984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176156320609
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
« Last Edit: May 26, 2007, 01:33:56 PM by Lucifer »

Offline Lucifer

« Reply #8 on: May 26, 2007, 01:34:25 PM »
Oh and THANKS!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
« Reply #9 on: May 26, 2007, 01:57:54 PM »
Quote
The only problem I have, which I have had for a while now is when I go start->right click-> explore before I can even open any files on my c: drive I get "data execution prevention" and it shuts down explorer. This is bugging the hell out of me.
This could be from a faulty right click context menu item

Can you try the following
Download shexview.zip and SAVE it to desktop
Then Extract it to its own folder on desktop

Open the folder and Double click on shexview.exe
Let this load
Sort this output by TYPE by clicking Type in the top bar

Scroll down to Context Menu types
Highlight the first Context menu item
Then hold down the Shift key and select the last Context menu item
So that now All Context Menu items are highlighted
RIGHT CLICK and choose SAVE SELECTED ITEMS
Give the text file a name and save to desktop
Post the contents of that log here, might help to track down the problem
« Last Edit: May 26, 2007, 01:58:45 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Lucifer

« Reply #10 on: May 26, 2007, 09:56:38 PM »
Here are the results from shexview,

==================================================
Extension Name    : 7-Zip Shell Extension
Disabled          : No
Type              : Context Menu
Description       :
Version           :
Product Name      :
Company           :
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\Program Files\7-Zip\7-zip.dll
CLSID             : {23170F69-40C1-278A-1000-000100020000}
File Created Time : 1/20/2007 6:11:38 AM
CLSID Modified Time: 5/6/2007 11:01:50 PM
Microsoft         : No
File Extensions   : *, Directory
File Attributes   : A
File Size         : 146,432
==================================================

==================================================
Extension Name    : avast
Disabled          : No
Type              : Context Menu
Description       : avast! Shell Extension
Version           : 4, 7, 936, 0
Product Name      : avast! Antivirus
Company           : ALWIL Software
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\Program Files\Alwil Software\Avast4\ashShell.dll
CLSID             : {472083B0-C522-11CF-8763-00608CC02F24}
File Created Time : 2/5/2007 11:16:25 PM
CLSID Modified Time: 2/5/2007 11:16:31 PM
Microsoft         : No
File Extensions   : *, Folder
File Attributes   : A
File Size         : 69,632
==================================================

==================================================
Extension Name    : CryptPKO Class
Disabled          : No
Type              : Context Menu
Description       : Crypto Shell Extensions
Version           : 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\cryptext.dll
CLSID             : {7444C717-39BF-11D1-8CD9-00C04FC29D45}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/1/2007 10:09:17 PM
Microsoft         : Yes
File Extensions   : .pko, PKOFile
File Attributes   : A
File Size         : 53,760
==================================================

==================================================
Extension Name    : Encryption Context Menu
Disabled          : No
Type              : Context Menu
Description       : Windows Shell Common Dll
Version           : 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\SHELL32.dll
CLSID             : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/2/2007 3:18:29 AM
Microsoft         : Yes
File Extensions   : *, Directory
File Attributes   : A
File Size         : 8,453,632
==================================================

==================================================
Extension Name    : MCLiteShellExt Class
Disabled          : No
Type              : Context Menu
Description       : ICQLiteShell Module
Version           : 20, 52, 2573, 0
Product Name      : ICQLiteShell Module
Company           :
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\Program Files\ICQLite\ICQLiteShell.dll
CLSID             : {73B24247-042E-4EF5-ADC2-42F62E6FD654}
File Created Time : 2/21/2007 8:19:11 PM
CLSID Modified Time: 2/21/2007 8:19:15 PM
Microsoft         : No
File Extensions   : *, Directory
File Attributes   : A
File Size         : 57,451
==================================================

==================================================
Extension Name    : Microsoft New Object Service
Disabled          : No
Type              : Context Menu
Description       : Windows Shell Common Dll
Version           : 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\SHELL32.dll
CLSID             : {D969A300-E7FF-11d0-A93B-00A0C90F2719}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/2/2007 3:18:28 AM
Microsoft         : Yes
File Extensions   : Directory\Background
File Attributes   : A
File Size         : 8,453,632
==================================================

==================================================
Extension Name    : Microsoft SendTo Service
Disabled          : No
Type              : Context Menu
Description       : Windows Shell Common Dll
Version           : 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\SHELL32.dll
CLSID             : {7BA4C740-9E81-11CF-99D3-00AA004AE837}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/2/2007 3:18:28 AM
Microsoft         : Yes
File Extensions   : AllFilesystemObjects
File Attributes   : A
File Size         : 8,453,632
==================================================

==================================================
Extension Name    : Offline Files Menu
Disabled          : No
Type              : Context Menu
Description       : Client Side Caching UI
Version           : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\System32\cscui.dll
CLSID             : {750fdf0e-2a26-11d1-a3ea-080036587f03}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/2/2007 3:18:50 AM
Microsoft         : Yes
File Extensions   : *, .lnk, .pif, Directory, Drive, lnkfile, piffile
File Attributes   : A
File Size         : 326,656
==================================================

==================================================
Extension Name    : Open With Context Menu Handler
Disabled          : No
Type              : Context Menu
Description       : Windows Shell Common Dll
Version           : 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\SHELL32.dll
CLSID             : {09799AFB-AD67-11d1-ABCD-00C04FC30936}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/2/2007 3:18:28 AM
Microsoft         : Yes
File Extensions   : *
File Attributes   : A
File Size         : 8,453,632
==================================================

==================================================
Extension Name    : PsiCtx Class
Disabled          : No
Type              : Context Menu
Description       : Saitek much loved shell features...
Version           : 2,09,002,020
Product Name      : Configuration Software
Company           : Saitek
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\Program Files\Saitek\Software\SaiShell.dll
CLSID             : {F4291C6A-B0E2-4502-A8A8-AD8F0919B5B6}
File Created Time : 2/22/2007 8:21:45 PM
CLSID Modified Time: 2/22/2007 8:21:50 PM
Microsoft         : No
File Extensions   : .386, .psi, .vxd, psifile, vxdfile
File Attributes   : A
File Size         : 25,600
==================================================

==================================================
Extension Name    : Shell extensions for sharing
Disabled          : No
Type              : Context Menu
Description       : Shell extensions for sharing
Version           : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\ntshrui.dll
CLSID             : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/1/2007 10:09:17 PM
Microsoft         : Yes
File Extensions   : Directory, Drive
File Attributes   : A
File Size         : 143,872
==================================================

==================================================
Extension Name    : SimpleShlExt Class
Disabled          : No
Type              : Context Menu
Description       : ACE Context Menu
Version           : 1, 0, 0, 1
Product Name      : ACE Context Menu
Company           :
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
CLSID             : {5E2121EE-0300-11D4-8D3B-444553540000}
File Created Time : 10/19/2005 11:17:58 AM
CLSID Modified Time: 2/2/2007 8:11:06 AM
Microsoft         : No
File Extensions   : Directory\Background
File Attributes   : A
File Size         : 73,728
==================================================

==================================================
Extension Name    : WMP Add To Playlist Launcher
Disabled          : No
Type              : Context Menu
Description       : Windows Media Player Launcher
Version           : 11.0.5721.5145 (WMP_11.061018-2006)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\wmpshell.dll
CLSID             : {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/6/2007 10:15:20 AM
Microsoft         : Yes
File Extensions   : .asf, .asx, .au, .avi, .dvr-ms, .m1v, .m2v, .m3u, .mid, .midi, .mod, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpeg, .mpg, .mpv2, .rmi, .snd, .wav, .wax, .wm, .wma, .wmv, .wmx, .wpl, .wvx, AIFFFile, ASFFile, ASXFile, AUFile, AVIFile, m3ufile, MIDFile, mp3file, mpegfile, SoundRec, WAXFile, wmafile, WMVFile, WPLFile, WVXFile
File Attributes   : A
File Size         : 99,840
==================================================

==================================================
Extension Name    : WMP Play As Playlist Launcher
Disabled          : No
Type              : Context Menu
Description       : Windows Media Player Launcher
Version           : 11.0.5721.5145 (WMP_11.061018-2006)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
My Computer       : No
Desktop           : No
Control Panel     : No
Filename          : C:\WINDOWS\system32\wmpshell.dll
CLSID             : {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}
File Created Time : 8/4/2004 8:00:00 AM
CLSID Modified Time: 2/6/2007 10:15:20 AM
Microsoft         : Yes
File Extensions   : .asf, .asx, .au, .avi, .dvr-ms, .m1v, .m2v, .m3u, .mid, .midi, .mod, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpeg, .mpg, .mpv2, .rmi, .snd, .wav, .wax, .wm, .wma, .wmv, .wmx, .wpl, .wvx, AIFFFile, ASFFile, ASXFile, AUFile, AVIFile, m3ufile, MIDFile, mp3file, mpegfile, SoundRec, WAXFile, wmafile, WMVFile, WPLFile, WVXFile
File Attributes   : A
File Size         : 99,840
==================================================

Offline guestolo

« Reply #11 on: May 26, 2007, 10:06:35 PM »
Can you fire up shexview.exe
Can we disable the Non Microsoft extensions for now and see if your problem is resolved

Find the following Context Menu items
7-Zip Shell Extension
avast
MCLiteShellExt Class
PsiCtx Class
SimpleShlExt Class


Right click on each and Disable Selected item
Ok the prompt

Close down Shexview
Try start->right click-> explore
Any errors?

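The triage done by eye in the reply above (picking the enabled, non-Microsoft context menu handlers out of the ShellExView report) can be scripted. This is an added example, not part of the original thread: the function names and the `changed_since` cutoff are assumptions, and the sample records are abridged from the posted report, with one `Disabled` value constructed.

```python
from datetime import datetime

# Abridged records in the ShellExView "Save Selected Items" layout. Values are
# copied from the report posted above, except "Disabled : Yes" on the last
# record, which is constructed to show the state after the disable step.
SAMPLE = r"""
==================================================
Extension Name    : 7-Zip Shell Extension
Disabled          : No
Type              : Context Menu
Company           :
Filename          : C:\Program Files\7-Zip\7-zip.dll
CLSID Modified Time: 5/6/2007 11:01:50 PM
Microsoft         : No
==================================================

==================================================
Extension Name    : CryptPKO Class
Disabled          : No
Type              : Context Menu
Company           : Microsoft Corporation
Filename          : C:\WINDOWS\system32\cryptext.dll
CLSID Modified Time: 2/1/2007 10:09:17 PM
Microsoft         : Yes
==================================================

==================================================
Extension Name    : PsiCtx Class
Disabled          : Yes
Type              : Context Menu
Company           : Saitek
Filename          : C:\Program Files\Saitek\Software\SaiShell.dll
CLSID Modified Time: 2/22/2007 8:21:50 PM
Microsoft         : No
==================================================
"""

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"   # time layout used in the report

def parse_shexview(text):
    """Split the report into one dict per extension record."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"="}:   # separator line ends a record
            if current:
                records.append(current)
            current = {}
        elif ":" in line:
            # Keys never contain ':' but values do (paths, times),
            # so split on the first colon only.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def third_party_context_menus(records, changed_since=None):
    """Enabled non-Microsoft context menu handlers, newest registration first.

    The report's own "Microsoft" field is taken at face value here.
    Returns tuples of (name, filename, clsid_modified, notes).
    """
    wanted = {"Type": "Context Menu", "Disabled": "No", "Microsoft": "No"}
    cutoff = datetime.strptime(changed_since, TIME_FORMAT) if changed_since else None
    hits = []
    for rec in records:
        if any(rec.get(k) != v for k, v in wanted.items()):
            continue
        stamp = rec.get("CLSID Modified Time")
        modified = datetime.strptime(stamp, TIME_FORMAT) if stamp else datetime.min
        notes = []
        if not rec.get("Company"):
            notes.append("no company in version info")
        if cutoff and modified >= cutoff:
            notes.append("registration changed since cutoff")
        hits.append((rec.get("Extension Name"), rec.get("Filename"), modified, notes))
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    found = third_party_context_menus(parse_shexview(SAMPLE), "5/1/2007 12:00:00 AM")
    for name, path, modified, notes in found:
        print(f"{modified:%Y-%m-%d}  {name}  {path}  {'; '.join(notes)}")
```

Run against the full saved report, the same filter yields the five handlers named in the reply above; the cutoff argument narrows attention to registrations that changed around the time the trouble started.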


Offline Lucifer

« Reply #12 on: May 26, 2007, 11:57:34 PM »
I disabled all of the ones above.  Still got the "data execution prevention" and it shut down windows explorer.

Here is what the windows told me when I clicked on "what should I do"

"Data Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts.

Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code—malicious or not—from a protected location, DEP closes the program and notifies you.

DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers execution protection features"

Offline guestolo

« Reply #13 on: May 27, 2007, 09:17:21 AM »
Ok, those context menus don't appear to be the problem

Do you have all latest High Priority updates from Windows installed? (Besides IE7)
Just by chance, do you have any large .avi files on your computer, in what location?

Can you let me know what steps you're taking here
Quote
when I go start->right click-> explore
Do you mean Start>>right click MyComputer?

Old DivX codecs have been known to cause this problem also

Can I see an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
« Last Edit: May 27, 2007, 09:24:10 AM by guestolo »



Offline Lucifer

« Reply #14 on: May 27, 2007, 10:45:56 PM »
Yes, I believe I have all the updated security patches from Microsoft.

No I don't believe I have any large .avi files.

It happens when I click on C: either by using explorer or if I go through my computer.  As soon as I select the c drive the hour glass comes on and then the error message.

Here is the uninstall log.

2142 Sig Generator
7-Zip 4.44 beta
Adobe Acrobat 5.0
Adobe Creative Suite
Adobe Flash Player 9 ActiveX
AIM 6.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Battlefield 2(tm)
Battlefield 2142
Canon EOS 10D WIA Driver
EA Link
EPSON Printer Software
File Renamer - Basic
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
ICQ 5.1
iTunes
Java(tm) SE Runtime Environment 6
Java(tm) SE Runtime Environment 6 Update 1
LaserJet 1020 series
LeechFTP
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (2.0.0.3)
Multimedia Mouse Driver
NVIDIA Drivers
OpenOffice.org 2.1
OrderReminder HP LaserJet 1020
Panda ActiveScan
Panda Antivirus + Firewall 2007
Pdf995
PdfEdit995
Picasa 2
QuickTime
Realtek AC'97 Audio
Saitek Configuration Software
Saitek NT Controller Drivers
SeaMonkey (1.1)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
ShowShifter
SpeechRedist
TaxCut Premium 2006
Turbo Lister 2
Unreal Tournament 2004
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Defender
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Xfire (remove only)

Offline guestolo

« Reply #15 on: May 27, 2007, 11:40:37 PM »
Have you ensured that all device drivers are up to date from manuf. website

Do you get this error in safe mode also?



Offline Lucifer

« Reply #16 on: May 28, 2007, 04:58:12 PM »
Quote (guestolo, May 27 2007, 10:40 PM)
Have you ensured that all device drivers are up to date from manuf. website
Do you get this error in safe mode also?

I will check the drivers.  The problem does not happen in safe mode.