PDA

View Full Version : Breaking down ?



norrol
22-01-2006, 06:41 PM
Have windows xp pro and over last week the following problem is getting worse. It doesnt seem to matter what I may be doining playing a game checking email etc my computer just jams up solid and the only way I can get it to work again is to press the reboot button. It will check the disk before starting up but it is sometimes jams while it is checks the disk for errors.. It will jam up like this 3 or 4 times in a row and last time I rebooted it it lost the correct time and it also damaged my anti virus key and the message I am getting is key is damaged and cant be installed.It appears I may have something that is about to give up the ghost so any help will be appreciated.Thanks

Speedy Gonzales
22-01-2006, 06:47 PM
Get this (http://www.merijn.org/files/hijackthis.zip) from here (http://www.spywareinfo.com/~merijn/)

Unzip this file, and run it then copy and paste the log here.

I fixed a pc over Xmas with the same prob, it kept on checking for errors on bootup.

I did a scan with Xoftspy, and it found over 250 entries relating to spyware/adware/trojans/worms lol. This maybe your prob.

Paste the log here, and I'll/we'll have a look at it.

drcspy
22-01-2006, 07:26 PM
could also be worth running a harddrive check .....goto www.seagate.com downlaod seatools and run it from boot up........run the 'generic diagnostic' full test......

norrol
22-01-2006, 09:39 PM
Get this (http://www.merijn.org/files/hijackthis.zip) from here (http://www.spywareinfo.com/~merijn/)
Logfile of HijackThis v1.99.1
Scan saved at 9:25:40 p.m., on 22/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Unzip this file, and run it then copy and paste the log here.

I fixed a pc over Xmas with the same prob, it kept on checking for errors on bootup.

I did a scan with Xoftspy, and it found over 250 entries relating to spyware/adware/trojans/worms lol. This maybe your prob.

Paste the log here, and I'll/we'll have a look at it. Thanks I should mention that because of this problem I did a format of c: and reinstalled Xp with just anti virus ,Firewall ,Mail and just basic programs havnt loaded printer or any other programs. I have used Kaspersky virus ,Incredmail, Zone alarm for 3 years and never nad any problems before. Enclose copy of scan Logfile of HijackThis v1.99.1
Scan saved at 9:25:40 p.m., on 22/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\HiJack\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Controlled StartUp] D:\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

norrol
22-01-2006, 09:57 PM
could also be worth running a harddrive check .....goto www.seagate.com downlaod seatools and run it from boot up........run the 'generic diagnostic' full test......


Thanks Downloaded Seatools made floppy reboot and get following message BDOS Kernal file A:|IBMDOS.COM system halted Floppy was made and checked as okay Where to now?

Speedy Gonzales
23-01-2006, 09:44 AM
Is that ALL of the log? Looks a bit short.

I would install SP1 or SP2.

Run HJT again. Tick this entry and tick fix checked. Close browsers first.

O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing) - This may belong to a worm.

Do you know what this belongs to??

O4 - HKCU\..\Run: [Controlled StartUp] D:\StartUp Organizer\Ctrl.exe

Myth
23-01-2006, 09:53 AM
Right now I would back up any wanted/needed data from your harddrive.
Then you could look at doing whatever (HiJack this or the seagate harddrive tester)

You might also look at obtaining the latest version of memtest (google for it), shoving that on a bootable floppy or cd, and testing your RAM (after backing up your harddrive)

norrol
23-01-2006, 05:05 PM
Is that ALL of the log? Looks a bit short.

I would install SP1 or SP2.

Run HJT again. Tick this entry and tick fix checked. Close browsers first.

O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing) - This may belong to a worm.

Do you know what this belongs to??

O4 - HKCU\..\Run: [Controlled StartUp] D:\StartUp Organizer\Ctrl.exe
Start up organizer is a small program to allow you to arrange what programs you want to start at each startup .The reason there is not much showing is that because of this having the computer freeze all the time I formated c: and reinstalled xp plus just Firewall anti virus and mail programs to see if perhaps some of my software may be causing the freezing so the least I installed the less software to eliminate as the cause of this problem I am having. Really appreciate the help you are giving me Thanks Regards Ron

Speedy Gonzales
23-01-2006, 05:10 PM
Ah ok then. Just make sure u install the motherboard drivers FIRST.

Before u install any other driver. Some devices may or wont work properly without them.

Whats the hardware in the system?? (ie: motherboard/PCI cards etc). And the CPU/speed, and amount of ram in the system.

If it still freezes, it could be the hardware.

Agent_24
23-01-2006, 05:42 PM
try memtest, test harddrive, and see if you can check your pc's temperatures

norrol
24-01-2006, 12:23 AM
Ah ok then. Just make sure u install the motherboard drivers FIRST.

Before u install any other driver. Some devices may or wont work properly without them.

Whats the hardware in the system?? (ie: motherboard/PCI cards etc). And the CPU/speed, and amount of ram in the system.

If it still freezes, it could be the hardware.
Motherboard Chaintech Zenith ,CPU AMD Athlon xp 2200+ ,Ram 512,
Card Nvida GE Force FX 5200 ultra. Also used HiJack as suggested to remove shost.exe as suggested but as soon as I delete it it appears again in Sys 32 and I cant appear to get rid of it also used McAfee Stringer 259 downloaded from McAfee to check for worms etc but it hasnt found any thing in c:which appears clean

Agent_24
24-01-2006, 09:14 AM
have you tried an online anti-virus scanner, such as Trend micro's housecall (http://housecall.trendmicro.com/), or Panda ActiveScan (http://www.pandasoftware.com/products/activescan.htm)?

Speedy Gonzales
24-01-2006, 09:38 AM
That shost entry may belong to this (http://www.sophos.com/virusinfo/analyses/w32rbotaxg.html)

SurferJoe46
24-01-2006, 09:48 AM
Does anyone other than me think this is dangerous too?

I rank this one right down there with BonziBuddy and Webshots: Incredmail

Agent_24
24-01-2006, 12:30 PM
what's wrong with webshots?? i've never had any problems with it

SurferJoe46
24-01-2006, 03:59 PM
Webshots just burrows into the system and calls various things in to keep it company...like pop-ups, pop-unders, advertisements and little nagging things that tell you that there are "11,968 Registry Problems on your computer...just click here to repair it all"

I removed Webshots from a friend's dual 'puters last week..it was a real mess...almost wanted to forgo it all and do a clean install. Almost as hard to clear out as AOL. :cool:

Although they vehemently denied it, and I really believe that they don't cruise gamer sites, they had a robust dose of WildTangent there too..and guess what? I ain't gonna tell you that Webshots brought it in..cause you won't believe me anyway. :yuck:

Agent_24
24-01-2006, 04:34 PM
Perhaps there is a new version of the webshots software that includes a lot of junk. I got mine over 3 years ago and i'm pretty sure its clean.

norrol
24-01-2006, 05:55 PM
That shost entry may belong to this (http://www.sophos.com/virusinfo/analyses/w32rbotaxg.html)
Thanks for the help so far have used memtest result no errors done reinstall with just basic programs reinstalled used stringer a worm checker from McAffe no problems, full system scan with Kaspersky Virus latest version no problems used Hijack and tried to remove Shost.exe but cant remove iy.Havnt had a freeze up since I posted my thread Breaking down but think if it starts up again I need to have computer hardware checked. Have program called SANDARA which does hardware test of hardware. Would this help and perhaps show up if I have a hardware problem or is there better programs to check hardware before I start replacing items Thanks Speedy Regards Ron

Speedy Gonzales
24-01-2006, 06:06 PM
No probs. Umm nope Sandra tells u whats in the system.

It doesnt tell u what maybe 1/2 dead / dead / failing.

I would check device manager see if any entries here have a X or ! beside them.

And see if shost appears in control panel / admin tools/ services. If it does disable it. Then boot into safe mode and see if u can find shost.exe. Delete it.

norrol
25-01-2006, 01:07 PM
No probs. Umm nope Sandra tells u whats in the system.

It doesnt tell u what maybe 1/2 dead / dead / failing.

I would check device manager see if any entries here have a X or ! beside them.

And see if shost appears in control panel / admin tools/ services. If it does disable it. Then boot into safe mode and see if u can find shost.exe. Delete it.

Device Manager every thing is ok. Cant find shost.exe in services but still have file in sys 32 called rdshost.exe is this the same file as shost.exe. Cant delete this rdshost file as soon as it is deleted it just appears in sys32 again.
this Rdshost properties says Application RD SHOST Server Module size 64.00 kb. Does this help at all



rdshost.exe (5.1.2600.0)
Contained in software
Name: Windows XP Home Edition, Deutsch
License: commercial
Information link: http://www.microsoft.com/windowsxp/
File details
Filepath: C:\WINDOWS\system32 \ rdshost.exe
Filedate: 2002-08-29 14:00:00
Version: 5.1.2600.0
Filesize: 61.952 bytes
Checksum and file hashes
CRC32: 22E3FAF3
MD5: 3ED7 A7DA 2691 E220 6417 A39C 2664 E8F4
SHA1: D89E 51BD A7EE 4BFB 44DE FB43 958A BC1B 8EAC 0CF7
Version resource information
CompanyName: Microsoft Corporation
FileDescription: RDSHost Server Module
FileOS: Windows NT, Windows 2000, Windows XP, Windows 2003
FileType: Application
FileVersion: 5.1.2600.0
InternalName: RDSHost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: RDSHost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.0
What is rdshost.exe? rdshost.exe error. spyware adware virus anti virus
free spyware removal

Navigation
Browse files

• by name









Copyright © 2004 by Tegtmeier Internet Solutions Colocation: NetGate

norrol
25-01-2006, 01:12 PM
rdshost.exe (5.1.2600.0)
Contained in software
Name: Windows XP Home Edition, Deutsch
License: commercial
Information link: http://www.microsoft.com/windowsxp/
File details
Filepath: C:\WINDOWS\system32 \ rdshost.exe
Filedate: 2002-08-29 14:00:00
Version: 5.1.2600.0
Filesize: 61.952 bytes
Checksum and file hashes
CRC32: 22E3FAF3
MD5: 3ED7 A7DA 2691 E220 6417 A39C 2664 E8F4
SHA1: D89E 51BD A7EE 4BFB 44DE FB43 958A BC1B 8EAC 0CF7
Version resource information
CompanyName: Microsoft Corporation
FileDescription: RDSHost Server Module
FileOS: Windows NT, Windows 2000, Windows XP, Windows 2003
FileType: Application
FileVersion: 5.1.2600.0
InternalName: RDSHost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: RDSHost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.0
What is rdshost.exe? rdshost.exe error. spyware adware virus anti virus
free spyware removal

Navigation
Browse files

• by name









Copyright © 2004 by Tegtmeier Internet Solutions Colocation: NetGate

Speedy Gonzales
25-01-2006, 01:13 PM
Umm rdshost.exe is a windows file, it isnt a virus/nasty file.

If shost.exe isnt there, dont worry about it.