PDA

View Full Version : Need Help w/ error message "End Program N"



pgrif92uab
04-02-2010, 06:46 AM
All programs on my pc (Windows XP) is running okay with exception of Internet Connection. I cannot go on any sites either on Firefox or on IE. I also cannot check emails/print on wireless printer. It does not shut down or go in stanby without getting the "ending program n" message. I have done a Spybot Search and Destroy Scan. It did show some spyware problems which were fixed. But the problem still exist!

I currently have Spybot Search and Destroy, AVG Free, and PC Tool Registry Mechanic on my computer. All of which is showing the system is clean!

I installed Hijack this on the computer and ran a scan. THis is what the log states:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:29:21, on 2/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mykidztumblebus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {D6D8B176-DEBB-40C9-AC5E-2BCF9C06735C} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ATT-SST] C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OCB\41500bd3-91c3-4bfd-a1a6-4cd7eaa78267\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowI d=HOMEPAGE,FlowParams=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www2.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126033029253
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.midsouthsteel.net/Remote/msrdp.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228530339184&h=b9f9b9a82f43edab4586fbfcabdef60d/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 8757 bytes

Any suggestions would be most appreciated!

Speedy Gonzales
04-02-2010, 07:47 AM
You can tick these then tick fix checked

Close browsers

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: (no name) - {D6D8B176-DEBB-40C9-AC5E-2BCF9C06735C} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'Default user')

Do you need Motive?

pgrif92uab
04-02-2010, 07:52 AM
Okay I checked all those and "fix". Is that all - do I restart the computer?

What do you mean "Do you need Motive?"

Speedy Gonzales
04-02-2010, 07:55 AM
This O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

Is it required? Is this the same computer as the one getting blue screens?? It doesnt look like it because the other has spybot. This one doesnt

pgrif92uab
04-02-2010, 08:08 AM
No it is not the same computer. HMMM This one also has Spybot (I did a scan yesterday and fixed all the problems and this morning scan showed no problems).

The internet is still not working. I have tried several sites on both IE and Firefox. No Luck!

Speedy Gonzales
04-02-2010, 08:10 AM
Get trojan remover and install it on both. Update it then click on scan. Then select all options under the utilities menu

pgrif92uab
04-02-2010, 08:40 AM
Installed Trojan Remover on both (update and scanned). No malicious files found on either!

pgrif92uab
04-02-2010, 08:42 AM
On this computer, after each restart, I can check email or even search on one website and it works fine. After that, it gets stuck again at loading..."waiting for www."

Speedy Gonzales
04-02-2010, 08:55 AM
What browser and what site is showing waiting for www?? If its this site, it does lag. And can take ages to load sometimes

pgrif92uab
04-02-2010, 09:01 AM
I am currently trying on Firefox - tried msn.com, cnn.com, weather.com. None of them will load! Thankfully I have a second laptop that works perfectly which I am using to communicate on this site!

Speedy Gonzales
04-02-2010, 09:04 AM
Get ccleaner. (www.ccleaner.com). Install then run it. Then go to tools/startup. Then disable this entry

O4 - HKCU\..\Run: [ATT-SST] C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OCB\41500bd3-91c3-4bfd-a1a6-4cd7eaa78267\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowI d=HOMEPAGE,FlowParams=

Then reboot. Then see if things are any better. That'll tell us if this is causing what youre getting

pgrif92uab
04-02-2010, 11:01 AM
Goodness gracious...took forever to download ccleaner and run the scan. Also disabled the file you suggested. Unfortunately no luck still!

Speedy Gonzales
04-02-2010, 11:10 AM
Kill K9. Then see if the internet is working. Altho if it isnt working how are you replying? Be careful with programs you use for the registry. Delete the wrong thing, you can screw a system up

pgrif92uab
04-02-2010, 11:25 AM
I am using another computer altogether to communicate on here.

pgrif92uab
04-02-2010, 11:42 AM
I got the blue screen on the pc now! Here is what it says for technical information:

STOP: 0x0000008E (0xc0000005, 0xA9EBF744, 0x9EAAEAE8, 0x00000000)

tcpip.sys - Address A9EBF744 base at A9EB9000, DateStamp 485b99ad

pgrif92uab
04-02-2010, 11:44 AM
I got the blue screen on the pc now! Here is what it says for technical information:

STOP: 0x0000008E (0xc0000005, 0xA9EBF744, 0x9EAAEAE8, 0x00000000)

tcpip.sys - Address A9EBF744 base at A9EB9000, DateStamp 485b99ad

Speedy Gonzales
04-02-2010, 11:48 AM
On which one? The one that was bluescreening or the other one?? Thats the cause of the prob tcpip.sys

pgrif92uab
04-02-2010, 11:49 AM
the other one. This one has never blue screen.

Speedy Gonzales
04-02-2010, 11:50 AM
If its the other one (in the BSOD post). Keep the replies in the other one. Or else we're going to get confused

pgrif92uab
04-02-2010, 11:58 AM
Yes I have pretty much kept the problems/things we are doing separated.

baabits
04-02-2010, 12:06 PM
Try pinging google and see if you get a result- Go to Start > Run, type in cmd and press enter. Then type ping www.google.com and see whether you get a reply or your requests time out.

Speedy Gonzales
04-02-2010, 12:14 PM
You have to replace tcpip.sys, since thats what causing the crash.

I could use teamviewer (you would have to boot into safe mode/networking), and replace your version with mine. Since youre using SP3. Is your version of XP right up to date?

pgrif92uab
04-02-2010, 12:21 PM
Try pinging google and see if you get a result- Go to Start > Run, type in cmd and press enter. Then type ping www.google.com and see whether you get a reply or your requests time out.

Ping Google stats:
sent 4 packets/received 4 packets (lost o)
roundtrip time 53ms, max 55ms, average 54ms

Speedy Gonzales
04-02-2010, 12:30 PM
Install this (http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdf&displaylang=en). Its the latest version of tcpip.sys AFAIK. Well its the same version thats on mine

pgrif92uab
04-02-2010, 12:34 PM
You have to replace tcpip.sys, since thats what causing the crash.

I could use teamviewer (you would have to boot into safe mode/networking), and replace your version with mine. Since youre using SP3. Is your version of XP right up to date?

When I was working with tech support for my internet provider, the computer would not boot in safe mode/network. It does normally but not in safe mode! Never heard of that!

I will try again after I make sure the XP is up to date.

Speedy Gonzales
04-02-2010, 12:39 PM
Safe mode / safe mode / networking are similar except networking lets you get onto the net

pgrif92uab
04-02-2010, 01:04 PM
It will not start in safe mode w/ networking. It stops (as the writing goes upward on screen). It stops after .................\windows\system32\drivers\mup.sys .

I hear it running but nothing happened!

Speedy Gonzales
04-02-2010, 01:11 PM
Well install that update anyway in normal windows. . It can take a while hanging waiting on mup.sys. Wait for it to finish

pgrif92uab
04-02-2010, 02:43 PM
Can't get to the download page with either IE or Firefox. Very frustrated! Any suggestions on how to download update without having access to internet!

Speedy Gonzales
04-02-2010, 02:53 PM
Its probably because tcpip.sys is stuffed that youre having net problems.

Download it on the other working pc and copy it using a USB flash drive if you have one. Then install it

pgrif92uab
05-02-2010, 06:16 AM
Thank you for all your help. I ended up installing Malwarebytes on both computer and removed all sorts of stuff. Since then, both computers are working fast (internet including).

Have a good day!