Speedy please. HJT log for checking.



bluenose
16-12-2010, 03:48 PM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:46:59 p.m., on 16/12/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINNT\system32\Pen_Tablet.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:12080
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINNT\system32\Pen_Tablet.exe

--
End of file - 6468 bytes

Speedy Gonzales
16-12-2010, 03:57 PM
Looks OK to me. But I would uninstall Java then update it if it's not Java 6 update 23 (which just came out).

You can tick this then tick fix checked. Close browsers

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

bluenose
16-12-2010, 04:05 PM
Thanks for the quick reply Speedy.

The reason I ran the test is because the PC froze when I ran Spybot S and D with latest updates. Also froze when running MalwareBytes and SuperAntiSpyware.

Where to from here?

Speedy Gonzales
16-12-2010, 05:06 PM
Looks like cool n quiet (http://www.google.co.nz/search?client=opera&rls=en&q=cool+n+quiet+freezes+computer&sourceid=opera&ie=utf-8&oe=utf-8) can freeze a system. I would disable it. See if that makes a diff

bluenose
16-12-2010, 05:38 PM
Thanks for that info. I had just run Malwarebytes again and no probs, only 3 INL tracking cookies. Ran Spybot S&D. After about 10 minutes BSOD.

*** STOP: 0x0000001E (0xC0000005,0xB775334B, 0x00000000, 0x1AC23880)

Is that any help? I'll check on the COOLer.

Speedy Gonzales
16-12-2010, 06:34 PM
Cool n quiet, not the cooler. It's an option in the BIOS and the program for it is installed. Does it show the name of a file / driver under STOP: 0x0000001E?

bluenose
16-12-2010, 07:02 PM
Where will I find that info?


I copied the ***STOP: information from the Bluescreen. I didn't see any filenames or I would have posted them.

I followed up on the Cool'n'Quiet but the leads I tried were dead ends.

Speedy Gonzales
16-12-2010, 07:39 PM
Under the stop error. Looks like that stop error can be caused by one of these (http://technet.microsoft.com/en-us/library/cc939014.aspx)

bluenose
16-12-2010, 09:10 PM
Sorry Speedy, I've been going round in circles and getting nowhere on that page. They all seem to point to something being changed recently and that is not the case. I have added nothing, installed nothing, no updates etc. I am just preparing to upgrade from 2K Pro to XP Pro. Have not touched any Sys files or Apps.

Looks like a visit down the road tomorrow.

Speedy Gonzales
16-12-2010, 09:15 PM
And will you be doing a clean install of XP?? It may fix the crashing, if you do

bluenose
17-12-2010, 08:03 PM
I think the problem is fixed. Fingers crossed.

Yesterday was very hot here and the PC was under the desk with side panel OFF. Therefore the fans were only circulating warm air and the longer they ran the warmer the air became.

Today I have been running the PC all day with the side panel in place. The day has also been cooler. No problems so far.
Time will tell.

In regard to clean install. 2K Pro is installed and I have a sealed XP Pro upgrade. My understanding is that for the upgrade to install correctly it has to be installed over an existing OS. I have another HD of the same capacity as the one in question and also a 1TB WD desktop drive and power supply. I have a lot of data to be retained. How would you suggest I go about doing it?

Speedy Gonzales
17-12-2010, 08:13 PM
Only thing with upgrades, it can make things worse. You could try installing XP on one of the other HDDs then connect the 2K HDD as a slave if it's IDE. Or connect it to a SATA connection if it's SATA. Then get what you want off it. I think you can do a clean install with an upgrade. It may ask for proof of a previous OS.

bluenose
17-12-2010, 09:28 PM
The two original drives are SATA and I do have the 2K Pro Disks and packaging as well as the aforementioned XP Pro upgrade. I will have to do a lot of reading over the next few days.

Many thanks for your help Speedy.

Speedy Gonzales
17-12-2010, 09:58 PM
Sweet no probs