1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Random rebooting, erratic mouse behaviour, slow webpage loading...

Discussion in 'PC hardware help' started by Rutabaga, Dec 17, 2004.

  1. Rutabaga

    Rutabaga Member

    Joined:
    Dec 17, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    ...are all the problems I have.

    I had these same problems before the summer holidays, and now, not more than four months after returning, I have the same problems. I reformatted when I returned, as that was my only option at the time, not being able to connect to the internet or even access the computer.

    My mouse keeps randomly right-clicking all over the place, without me ever touching it, and also flying out to the corner of the screen at the same time. Sometimes, if I use the mouse too much (after about 10-20 minutes of browsing), it will just lock up, forcing me to restart.

    My internet connection when used with internet explorer also has delays when loading pages, longer than usual, and sometimes I have to refresh several times to get the page to work.

    Also, my computer will randomly reboot when I try to play a game, as it did before.

    A problem I had before, but not now, was after rebooting it would give me a blue screen with a whole bunch of writing on it talking about some sort of physical memory dump.

    These are the events that slowly led to this.
    http://www.microsoft.com/security/incident/blast.mspx

    This was before the holidays. I reformatted, as you know, and now I am only experiencing the mouse, slow internet problems, and random rebooting. I pray it will somehow not degenerate into the above link.

    I have an Anti-Virus program and Adware installed. Adware detected a few meager things, but it did not fix the problem. My antivirus(Panda Antivirus) detected one virus, fixing nothing...

    I am convinced this is a virus. But I need to know what type, and how I can fix it. Does anybody know a solution to this problem? I do not want to reformat again, it is a lot of time and energy wasted... I have searched for several hours now on google, but I don't see anybody with the problems I have, except for the random rebooting part.

    Also, my system specs, if they matter.

    AMD Athlon XP 1600+
    1.40 Ghz
    1.25 GB of RAM
    Geforce 5200FX

    I just recently purchased the RAM, graphics card and a new harddrive. I am ruling out all hardware problems, as this is four months after my previous experience.

    Also, when I returned from my holidays, I reformatted several times, each time I connected to the internet and downloaded google toolbar, and other progs, without anti-virus, got me the same problem. After the 3rd reformatting, I installed an Antivirus, Norton Antivirus Corporate Edition, and it didn't catch the bug again.

    These problems are just occuring today. I found that a family member opened an e-mail attachment (today), a text file with no writing in it. I believe this could be the problem. After having these problems I uninstalled my Norton Corporate Antivirus and installed Panda Antivirus and also Adware. But I have becoming more and more convinced that these programs only prevent, and do not cure.

    I apologize if my writing is disjointed, even unreadable. My eyes are dying and I have been working at this fricking problem for 5-7 hours. I could murder the people who make these viruses, which I suspect are the anti-virus companies themselves, otherwise they would be out of business if their products really did work.
     
  2. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    upgrade ad-aware6 to ad-aware se if you hadn't already. download from www.grisoft.com the free version of avg7. also do an online scan with www.antivirus.com free house call. empty your windows cookies, temp, temporary internet & temporary internet/content ie5 before running scans. what windows are you using
     
  3. Divinus

    Divinus Guest

    Agreed.

    Heh, I know how ya feel, man. I've been through that before with the unknown mystery crash. I'd listen to ddp's advice, though. He helps just about everyone on here and from what I've seen, is never wrong.

    This does sound like virus activity to me and it probably is. If you can't get anything going, I'd reformat once more and just make sure this time you take extreme precautions and closely monitor what you're dowloading. Take everything one step at a time and try to catch what program or programs is causing this activity.

    Also, you're running Win XP I'm guessing? And, do you have the latest drivers for your 5200 FX?
     
  4. colw

    colw Active member

    Joined:
    Apr 25, 2004
    Messages:
    1,602
    Likes Received:
    0
    Trophy Points:
    66
    In addition to Adaware SE and AVG7, I would also suggest downloading and installing Spybot as well. Symptoms very typical of sypware. You may also need to download HijackThis to identify rouge programs in your statup directory.
     
  5. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
  6. 72morgan

    72morgan Regular member

    Joined:
    Dec 1, 2002
    Messages:
    266
    Likes Received:
    0
    Trophy Points:
    26
    The rebooting part sounds like you might have the SASSER virus. If you can get to Symantec they have a tool taht looks for and removes the bug.
     
  7. Rutabaga

    Rutabaga Member

    Joined:
    Dec 17, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Here is my Hijack Logfile, I hope I posted it right. I tried everybody's suggestion, but they did not work. AVG, Adware, spybot, adware away... Spybot detected several things, but they were cleaned. Adware detected some at first, but they were also cleaned. AVG detected nothing, neither did housecall. Adware away detected ten Broadcast PC adware and were removed.

    I thank everybody for their help, and hope this problem shall soon be solved. If not, my cdburner is going to have a lot of work this week.

    Logfile of HijackThis v1.99.0
    Scan saved at 5:10:56 PM, on 12/18/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tom\Desktop\HT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\rskjt.exe
    O4 - HKLM\..\Run: [sysprocessor Update] sysproesor.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [rn4d] C:\WINDOWS\System32\syssn\kolder.exe C:\WINDOWS\System32\syssn\dirote.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft None] Sea.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\RunServices: [sysprocessor Update] sysproesor.exe
    O4 - HKLM\..\RunServices: [Microsoft None] Sea.exe
    O4 - HKCU\..\Run: [sysprocessor Update] sysproesor.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4C3F656A-3E54-425B-9CD8-B32FE9FAD3A3}: NameServer = 195.229.241.222 213.42.20.20
    O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  8. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    Hey

    Put a tick in and remove the following:

    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\rskjt.exe
    O4 - HKLM\..\Run: [rn4d] C:\WINDOWS\System32\syssn\kolder.exe C:\WINDOWS\System32\syssn\dirote.exe
    O4 - HKLM\..\Run: [Microsoft None] Sea.exe
    O4 - HKLM\..\RunServices: [Microsoft None] Sea.exe

    Restart then delete rskjt.exe, sea.exe and dirote.exe (You may have to reboot into safe mode to do this)

    Then repost another log once done.

    CJC
     
  9. Rutabaga

    Rutabaga Member

    Joined:
    Dec 17, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    I wasnt able to find the files in safe mode, but checked them as you said. Still having problems...comp rebooted alot now.

    Logfile of HijackThis v1.99.0
    Scan saved at 5:52:11 PM, on 12/18/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Documents and Settings\Tom\Desktop\HT\HijackThis.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
    O4 - HKLM\..\Run: [sysprocessor Update] sysproesor.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\RunServices: [sysprocessor Update] sysproesor.exe
    O4 - HKCU\..\Run: [sysprocessor Update] sysproesor.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  10. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    Hey

    Your log seems clean now.

    You have more then 1 AntiVirus program installed: Nortons, Panda, and AVG Free.

    You should only have ONE AV program install at any one time.

    You may want to just open up the PC and check the fans, if its an old computer, it could be chocked with Dust and the fans arnt able to rotate correctly and that is causing the computer to overheat.

    CJC
     
  11. Rutabaga

    Rutabaga Member

    Joined:
    Dec 17, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    I believe I do, in fact, have both the sasser and blaster worm... The only problem is it seems I am unable to remove them... Which is probably my fault, for running an unoriginal version of WinXP.

    In my system processes it shows lsass.exe running, and several svchost.exe as well. I reformatted, and now without any antivirus, it is reproducing and filling up my system memory usage. If I end svchost it will show the shutdown message... Thanks for all your help guys, it seems I will have to find a solution to this one myself.
     
  12. kinza

    kinza Regular member

    Joined:
    Jul 22, 2004
    Messages:
    851
    Likes Received:
    0
    Trophy Points:
    46
    My computer randomly shuts down, and when I turn it on, a message days Windows has recovered from a serious error. I have tried both Ad-Aware and Norton Antivirus scans ans they both come out clean. Here is a copy of the error report, I have absolutely no idea what it means:
    BCCode : ea BCP1 : 811FC020 BCP2 : FEEAE1F8 BCP3 : FEEA1248
    BCP4 : 00000001

    Any help is appreciated. Thanks.
     
  13. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    @Rutabaga

    Having lsass.exe running, and several svchost.exe doesnt mean you have the sasser/blaster virus as its normal to have a few of each process running.

    When you are ending them, you are ending a System Process which is giving you the shutdown in 60 seconds.

    The Sasser/Blaster does that when you connect to the internet, by itself, without you ending the processes.

    But if you have run housecall at housecall.trendmicro.com and it hasnt shown anything, when you have scanned, its likely that you dont have either sasser or blaster.

    @kinza

    In your Event viewer, located in Control Panel -> admininstrative Tools -> Event Viewer

    In the System category, scroll down to about the time it restarted and click on the error that has WARNING , Double click and write down the Event ID and the error there.

    CJC
     
  14. kinza

    kinza Regular member

    Joined:
    Jul 22, 2004
    Messages:
    851
    Likes Received:
    0
    Trophy Points:
    46
    CJC, I wasn't sure at what time it happened so I have two warnings.

    1007: Your computer has automatically configured the IP address for the Network Card with network address 0040050DE0AC. The IP address being used is 169.254.238.126.
    4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Thanks
     
  15. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    Those errors are just to do with your network/internet and shouldnt restart your computer...

    ummm... You might want to, if ur computer isnt under warranty, open it up and just check the fans and see if they are still spinning and not clogged with dust.

    What are you comp. specs ?

    CJC

     
  16. walmartca

    walmartca Member

    Joined:
    Dec 19, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    ive been getting an error on my computer and same with my friends
    we both got windows 98 and have tried reinstalling things on the computer
    its a blue screen error in vxd 0028:c14eofdd
    or a variation of it
    ive been able to burn and rip movies before but when using dvd shrink when it encodes it will pop up randomly
    for my friend this happens burning with decryptor
    hes got nero 6 on his computer and the only other thing on mine is stomp record now max
    i got 128 megs of ram
    win 98, amd duron and enough to run and burn things
    it seams like a driver error or something?
    ive took appart my computer and put everything in firm to make sure it wasnt that..
    any help would be appreciated
     

Share This Page