There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
 
Tag Cloud
audio avg avg 8 bios boot browser bsod computer cpu crash css dell desktop driver dvd email error excel explorer firefox firefox 3 freeze game graphics hard drive hardware help please hijackthis hjt install internet internet explorer itunes javascript lan laptop malware missing monitor msn network networking openoffice outlook outlook 2003 outlook express php popups problem problems router seo slow sound sp3 spyware startup trojan usb video virtumonde virus vista vundo windows windows vista windows xp winxp wireless word
Malware Removal & HijackThis Logs
Search
Search in:
 
Advanced Search
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
explorer.exe 0xc0000005 error


HELLO AND WELCOME! Before you can post your question, you'll have to register -- it's completely free! Click here to join today! We highly recommend that you print a copy of our Guide for New Members. Enjoy!

Page 4 of 6 < 123 4 56 >
 
Thread Tools
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
25-Apr-2008, 05:42 PM #46
Hi,
No matter what I try, the DSS will not run, the computer simply reboots after it runs a few minutes.

I did run the other two downloads you directed.
Attached is a file from the getservice

Here is a copy and paste of the log files from the pv


Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) Windows Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3173 (xpsp_sp2_gdr.070709-0051) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Shell Browser UI Library
GDI32.dll 77f10000 290816 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3316 (xpsp_sp2_gdr.080219-1316) GDI Client DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266
SHDOCVW.dll 7e290000 1503232 C:\WINDOWS\system32\SHDOCVW.dll
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) Net Win32 API DLL
WININET.dll 771b0000 679936 C:\WINDOWS\system32\WININET.dll 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8478720 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
SYNCOR11.DLL 6bd00000 53248 C:\WINDOWS\system32\SYNCOR11.DLL 1.2.3 SynthCore R2.0 Midi Interface Driver
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
actxprxy.dll 71d40000 114688 C:\WINDOWS\System32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520) Windows Volume Tracking
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
MpShHook.dll 5f800000 90112 C:\PROGRA~1\WINDOW~3\MpShHook.dll 1.1.1593.0 Shell Execution Monitor
MSVCR80.dll 78130000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 8.00.50727.1433 Microsoft® C Runtime Library
MSVCP80.dll 7c420000 552960 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 8.00.50727.1433 Microsoft® C++ Runtime Library
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
NETSHELL.dll 76400000 1728512 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network Connections Shell
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Credential Manager User Interface
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
urlmon.dll 7e1e0000 659456 C:\WINDOWS\system32\urlmon.dll 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241) OLE32 Extensions for Win32
msi.dll 7d1e0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
webcheck.dll 74b30000 286720 C:\WINDOWS\System32\webcheck.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Web Site Monitor
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
stobject.dll 76280000 135168 C:\WINDOWS\System32\stobject.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\System32\BatMeter.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\System32\POWRPROF.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Power Profile Helper DLL
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
msv1_0.dll 77c70000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
printui.dll 74b80000 573440 C:\WINDOWS\system32\printui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Print UI DLL
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
ACTIVEDS.dll 77cc0000 204800 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ADs LDAP Provider C DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\system32\CFGMGR32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Configuration Manager Forwarder DLL
browselc.dll 1200000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
IMM32.dll 76390000 118784 C:\WINDOWS\system32\IMM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
MpOAv.dll 1df0000 86016 C:\PROGRA~1\WINDOW~3\MpOAv.dll 1.1.1593.0 IOfficeAntiVirus Module
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
zipfldr.dll 73380000 356352 C:\WINDOWS\System32\zipfldr.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Compressed (zipped) Folders
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
wuapi.dll 506a0000 557056 C:\WINDOWS\system32\wuapi.dll 7.0.6000.381 (winmain(wmbla).070730-1740) Windows Update Client API
Cabinet.dll 75150000 81920 C:\WINDOWS\system32\Cabinet.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Cabinet File API
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
asfsipc.dll 41f00000 28672 C:\WINDOWS\system32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 60980000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4000.1823 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.8820 Microsoft (r) Shell Extension for Windows Script Host
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
MCPS.DLL 36d30000 102400 C:\PROGRA~1\MICROS~3\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub

-----------------

Option 2


Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Internet Explorer
ntdll.dll 7c900000 720896 C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
GDI32.dll 77f10000 290816 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3316 (xpsp_sp2_gdr.080219-1316) GDI Client DLL
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241) Shell Light-weight Utility Library
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3173 (xpsp_sp2_gdr.070709-0051) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Security Support Provider Interface
SHDOCVW.dll 7e290000 1503232 C:\WINDOWS\system32\SHDOCVW.dll
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) Net Win32 API DLL
WININET.dll 771b0000 679936 C:\WINDOWS\system32\WININET.dll 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241) Internet Extensions for Win32
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
SHELL32.dll 7c9c0000 8478720 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) Windows Shell Common Dll
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
uxtheme.dll 5ad70000 229376 C:\WINDOWS\system32\uxtheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.2518 (xpsp_sp2_gdr.040919-1056) Shell Browser UI Library
browselc.dll 20000000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258
urlmon.dll 7e1e0000 659456 C:\WINDOWS\system32\urlmon.dll 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241) OLE32 Extensions for Win32
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
googletoolbar5.dll 10000000 3665920 c:\program files\google\googletoolbar5.dll 4, 0, 1601, 4978 Google IE Client Toolbar
msi.dll 7d1e0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
IMM32.dll 76390000 118784 C:\WINDOWS\system32\IMM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
SYNCOR11.DLL 6bd00000 53248 C:\WINDOWS\system32\SYNCOR11.DLL 1.2.3 SynthCore R2.0 Midi Interface Driver
msxml3.dll 74980000 1126400 C:\WINDOWS\system32\msxml3.dll 8.90.1101.0 MSXML 3.0 SP9
DBGHELP.DLL 59a60000 659456 C:\WINDOWS\system32\DBGHELP.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Image Helper
RASAPI32.DLL 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
msv1_0.dll 77c70000 143360 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Authentication Package v1.0
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
mlang.dll 75cf0000 593920 C:\WINDOWS\system32\mlang.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SENS Connectivity API DLL
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
dlcsIE.dll 1b70000 274432 C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll 1.0.0.8 del.icio.us Buttons for Internet Explorer
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) DNS Client API DLL
StumbleUponIEBar.dll 1be0000 991232 C:\Program Files\StumbleUpon\StumbleUponIEBar.dll 1.0.0.1 StumbleUpon Toolbar
jscript.dll 75c50000 454656 C:\WINDOWS\system32\jscript.dll 5.6.0.8835 Microsoft (r) JScript
xpsp2res.dll 1f10000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020) Remote Access AutoDial Helper
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
MSGINA.dll 75970000 1011712 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Logon GINA DLL
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
odbcint.dll 2eb0000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) Microsoft Data Access - ODBC Resources
sti.dll 73ba0000 77824 C:\WINDOWS\System32\sti.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Still Image Devices client DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Configuration Manager Forwarder DLL
SXS.DLL 75e90000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414) Fusion 2.5
scrrun.dll 735a0000 151552 C:\WINDOWS\system32\scrrun.dll 5.6.0.8820 Microsoft (r) Script Runtime
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
orbitcth.dll 1350000 192512 C:\Program Files\Orbitdownloader\orbitcth.dll 2, 4, 0, 1 Orbitcth
ssv.dll 6d7c0000 503808 C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll 6.0.60.2 Java(TM) Platform SE binary
MSVCR71.dll 7c340000 352256 C:\Program Files\Java\jre1.6.0_06\bin\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
swg.dll 1a30000 344064 C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll 2, 0, 1121, 2472 GoogleToolbarNotifier
shdoclc.dll 1a90000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Doc Object and Control Library
mshtml.dll 7dc30000 3084288 C:\WINDOWS\System32\mshtml.dll 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241) Microsoft (R) HTML Viewer
msls31.dll 746c0000 159744 C:\WINDOWS\System32\msls31.dll 3.10.349.0 Microsoft Line Services library file
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\System32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper



Thanks, Jeff
Attached Files
File Type: txt getservice.txt (53.4 KB, 7 views)
JSntgRvr's Avatar
Distinguished Member with 14,228 posts.
  
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
25-Apr-2008, 10:00 PM #47
Hi, jeff1111

It is a mystery.

Right click on My Computer. Select Properties. Select the Advanced tab. Under Startup and recovery, click on Settings. Under System failure, remove the checkmark from "Automatically restart".

Now, if for some reason the computer attempts to restart, it should not and as error message on a BSOD should be returned. If it does, post the contents of the error message.
On the process above, after selecting Properties, allow the information to load in that window. Compare the information therein concerning your physical memory.

Please go to Virus Total and scan the following file:

C:\Windows\Explorer.exe

Post the results in your next reply.

I will ask you at this time to rename Combofix during its download. You cannot rename Combofix after it is downloaded. It may create a lot of problems. Also, do not rename Combofix unless instructed by an authorized member, and only using the name provided.

Please remove the version of Combofix present in your computer, if any, then follow these steps:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, change the name of the download from Combofix to MyPoppy.
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double click on Mypoppy.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Mypoppy.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
__________________
Sometimes I think I understand everything,
then I regain consciousness.



If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions. For further help, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
26-Apr-2008, 07:48 PM #48
Did what you wrote in the last post

Attached are the results of the Virus Total scan

Attached is a log file that popped up after combo fix ran

Attached is the combofix.txt file that was created**

I did rename it MyPoppy prior to Downloading it but the file
created at the end was named combofix.

And below is the Hijack This log I ran after the MyPoppy finished.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:10 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.createthechange.com/news.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vitagenesis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_1/controls/ybrequest.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_6_1/controls/YBUICtrl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9553 bytes



Thank you,
Jeff
Attached Files
File Type: txt log.txt (66.4 KB, 17 views)
File Type: txt virustotal.txt (10.2 KB, 15 views)
File Type: txt ComboFix.txt (66.4 KB, 6 views)
JSntgRvr's Avatar
Distinguished Member with 14,228 posts.
  
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
27-Apr-2008, 04:53 AM #49
Hi, jeff1111

What puzzles me is that combofix runs when renamed, but not when ran as Combofix. Please go to Virus Total and scan the following files:

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\REGSHAVE\REGSHAVE.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

Post the reports only if something wrong is found.
__________________
Sometimes I think I understand everything,
then I regain consciousness.



If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions. For further help, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
27-Apr-2008, 09:49 AM #50
I ran the files, just two of them found something.

Here is the file and the link to the report.


C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

http://www.virustotal.com/analisis/f...693e5d7a993a83


C:\Program Files\REGSHAVE\REGSHAVE.exe

http://www.virustotal.com/analisis/c...df79a9a8d5ec5b

Also the computer did go to the blue screen twice since I changed the option for it
to automatically restart on an error.
I could not copy or do anything with the screen as the computer was frozen. It did
say the error was

IRQL_NOT_LESS_OR_EQUAL

Stop: 0X0000000A

There was a string of more numbers/letters after that which I did not
know if it was important, I can copy them down next time it happens if
that would be of any use.

The Browseui.dll file was corrupt again today upon start up too.

Thanks,
Jeff
JSntgRvr's Avatar
Distinguished Member with 14,228 posts.
  
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
27-Apr-2008, 08:48 PM #51
Please remove all Google programs from your computer and remove the following folder if present:

C:\Program Files\Google

In your position I would also remove Orbitdownloader, AOL Toolbar, del.icio.us, and StumbleUpon and remove their folders. After cleaining the computer you can reinstall.


Any more information on that error messages such as, modules involved? What was your most recent hardware installation.

Go to Start ->Control Panel -> Administrative Tools -> Event viewer. See if there are error messages on both, System and Software
__________________
Sometimes I think I understand everything,
then I regain consciousness.



If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions. For further help, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
28-Apr-2008, 08:20 AM #52
I removed everything I could find as you suggested.
I could not find Stumbleupon for the firefox browswer, but did get it from IE.

The latest hardware installed was most likely a long time ago, I think it was a brother laser printer driver that is connected to another computer.

I haven't seen any other errors except the one I indicated in my last post.

Attached is a screenshot for application and system under event viewer. Thesee are full screen jpg's in the event you want to see what was there. There was no software section. There are many events in the two I attached.

Thanks,
Jeff
Attached Thumbnails
explorer-exe-0xc0000005-error-application.jpg  explorer-exe-0xc0000005-error-system.jpg  
JSntgRvr's Avatar
Distinguished Member with 14,228 posts.
  
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
28-Apr-2008, 10:12 AM #53
I see no signs of malware. Does this folder exist in your computer?:

C:\WINDOWS\Minidump

If Yes, does it contains any files within? IF yes, right click the latest and select send to -> Compressed (zipped) folder and attach that zipped file to a reply.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
28-Apr-2008, 10:56 AM #54
Yes I did find the Minidump folder

Attached is the zip file.

There is still some problem as the browseui.dll file is replaced with a bad file
every morning around 3am and i am still getting ocassional shut downs.

Thanks, Jeff
Attached Files
File Type: zip Mini042108-05.zip (18.7 KB, 2 views)
JSntgRvr's Avatar
Distinguished Member with 14,228 posts.
  
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
28-Apr-2008, 11:46 AM #55
Please download the enclosed folder. Save and extract its contents o the desktop. It is a folder containing a batch file. Once extracted, open the folder and double click on the RunMe.bat. Post back the resulting report.

Send me also another couple of those minidumps files.
Attached Files
File Type: zip VFind.zip (22.7 KB, 1 views)
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
28-Apr-2008, 02:59 PM #56
Attached is the result from the RunMe.bat
and two more zipped files from minidumps folder.

Thanks,
Jeff
Attached Files
File Type: txt Results.txt (1.2 KB, 5 views)
File Type: zip Mini042108-03.zip (20.8 KB, 1 views)
File Type: zip Mini042108-04.zip (16.8 KB, 1 views)
JSntgRvr's Avatar
Distinguished Member with 14,228 posts.
  
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
28-Apr-2008, 10:35 PM #57
Hi, jeff1111

This is the inormations I have been able to extract from the minidumps you have submitted. The BSOD error you are experiencing is define as follows:

IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses.

The files (modules) in question are as follows:

Quote:
update.exe (Unknown file)
MRT.exe (mrt.exe is a process belonging to Microsoft's enhanced security technologies which addresses Spyware and other processes which can monitor your Internet usage without your knowledge.)
aswSP.SYS (avast! self protection module/ALWIL Software)
ntoskrnl.exe (NT Kernel & System)
As I see it, AVAST is placing a driver in protected memory that affects Windows' kernel.

I would like to start by identifying however, that update.exe file mentioned in the Minnidumps and find out what it is for.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as RunMe.bat
  • Change the Save as Type to All Files
  • and Save it in the VFind folder created earlier. Overwrite the existing one.
  • Once saved, double click on the RunMe.bat file and post the report it shall produced.
Quote:
@ECHO OFF
If exist C:\Results.txt Del C:\Results.txt
Echo Working ..........
pushd C:\
VFind -ltf update.exe* >> C:\Results.txt
popd
Start C:\Results.txt
Exit
__________________
Sometimes I think I understand everything,
then I regain consciousness.



If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions. For further help, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
29-Apr-2008, 10:19 AM #58
I did as you recommended and ran the file.
Attached is the results file.

Thank you,
Jeff
Attached Files
File Type: txt Results.txt (15.8 KB, 7 views)
JSntgRvr's Avatar
Distinguished Member with 14,228 posts.
  
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
29-Apr-2008, 04:40 PM #59
Hi, jeff1111

It will be quite difficult to identify the update.exe file from that list. Do you have any use for the C:\Speedo Autorun Maker? How much memory (RAM) is installed in your computer? How many modules (sticks) are present?

Download the AVG Free installation file to your desktop, but do not run it yet.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Programs Related to Avast Antivirus

If for any reason you cannot remove Avast in Safe Mode, attempt its removal in Normal Mode. Once Avast is removed, (in Normal Mode) double-click on the AVG installation file on your desktop and follow the prompts for its installation. Update its definition and perform a full scan.

Please also attempt to re-enact the BSOD error message (perhaps running DSS), and let me know the outcome.

I would also like to see another (Mypoppy) Combofix log.
__________________
Sometimes I think I understand everything,
then I regain consciousness.



If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions. For further help, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
  
Join Date: Apr 2008
Experience: Intermediate
29-Apr-2008, 09:33 PM #60
I downloaded the AVG program

I removed Avast in Safe Mode

I rebooted and installed AVG with no problem.

When I try to run it (scan) it will run for a short time
and then have a system error. I tried more than one time
with the same problem.

The message I saw when that happened was

Driver_IrQL_NOT_LESS_OR_EQUAL
with a stop code of 0x000000D1

I also had a couple other system errors happen when I was
not running the scan. The codes were without any error description but
a stop code of 0x00000000A

My computer looks like it has 448MB RAM

I am unfamiliar with what a module (stick) is, I can tell you if you
let me know how to find the information.

I did run MyPoppy again. The first time it froze the computer, the second time it ran to completion, and I have attached the
report.

I do not know what C:\Speedo Autorun Maker is and don't ever recall using it, so I could delete it if you think I should. Please let
me know.



Thanks,
Jeff
Attached Files
File Type: txt ComboFix 08-04-24.1.txt (20.3 KB, 8 views)
Reply