Windows XP hangs after connecting to Internet/ opening browser



mechadios
28-11-2007, 05:53 PM
Hello Experts,

I have a strange problem. I am running Windows XP SP2. For the last couple of days my machine hangs 15-20 minutes after I connect to the internet. Otherwise the machine runs fine if I don't connect to the net or don't open iexplorer. I have tried using mozilla also and encountered the same problem with mozilla. This is happening intermittently.

However, in safe mode with networking everything works fine and I can browse normally, no hiccups there. Below is the log file for more details:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:17 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Manish\My Documents\Downloads\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O1 - Hosts: 200.100.1.63 ustdc3
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\136741L.exe
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\136741W.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYIN
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.camsps1
O15 - Trusted Zone: http://vis1200.solutionbeacon.net
O15 - Trusted Zone: *.solutionbeacon.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155281839234
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OracleClientCache80 - Unknown owner - c:\OraHome1\BIN\ONRSD80.EXE
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9894 bytes

mechadios
28-11-2007, 05:54 PM
One more thing the hijack this log file shows iE 6 but I had 7 and uninstalled that trying to see if that was causing the issue but the issue still persists even with Mozilla Firefox.

Renmoo
28-11-2007, 06:47 PM
Have you got any firewall installed on your computer?

(I haven't read through the log yet)

mechadios
28-11-2007, 07:26 PM
Don't have any firewall and don't even have the windows firewall enabled, my VPN had some issues with that. Moreover didn't really change anything installed/uninstalled and all of a sudden the issue started. Once I am on the net I can browse for 15-20 minutes and then everything freezes and I had to do a hard shutdown. Can't even do the Ctrl+Alt+Delete.

Thanks for your time.

Speedy Gonzales
28-11-2007, 07:51 PM
I think you've got something nasty.

Put hijackthis in its own folder first, run it tick these entries, then tick fix checked.

Close browser/s.

Nasty

O1 - Hosts: 200.100.1.63 ustdc3

O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\136741L.exe

O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\136741W.exe

Safe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

Nasty

O8 - Extra context menu item: &Search -http://edits.mywebsearch.com/toolbar...usearch.jhtml?p=ZNxmk570YYIN

If you dont know what these are, or u didn't add them tick these

O15 - Trusted Zone: http://*.camsps1

O15 - Trusted Zone: http://vis1200.solutionbeacon.net

O15 - Trusted Zone: *.solutionbeacon.net

Get trojan remover (http://www.simplysup1.com/download/dl/trsetup.exe)

Install it run it then click on scan. Then select all options under the utilities menu. This may restore task manager.

Check add/remove programs if it opens. Look for Mywebsearch/Myway.

Uninstall it if its there.

mechadios
28-11-2007, 08:46 PM
Hello Speedy,

Thanks for your help but it didn't work :( . I ran Trojan Remover and it did fix a couple of registry entries but didn't work; the system hangs even now after I connect.

These entries are known I have added so should not be any issue because of these:

O15 - Trusted Zone: http://*.camsps1

O15 - Trusted Zone: http://vis1200.solutionbeacon.net

O15 - Trusted Zone: *.solutionbeacon.net


Also couldn't find Mywebsearch/Myway in Add/Remove.

Below is the new hijack log after fixing the nasty entries

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:59 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Manish\My Documents\Downloads\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.camsps1
O15 - Trusted Zone: http://vis1200.solutionbeacon.net
O15 - Trusted Zone: *.solutionbeacon.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155281839234
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OracleClientCache80 - Unknown owner - c:\OraHome1\BIN\ONRSD80.EXE
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8504 bytes
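The before/after comparison that the two HijackThis logs in this thread invite, as an added example (not part of any post, and not HijackThis's own code): it rejoins item lines that the forum wrapped and lists which entries a fix removed or added. The glue heuristic, the function names and the sample excerpts (cut from the two logs above) are assumptions of this sketch.

```python
import re

# A HijackThis item line starts with a section code (O4, O23, R1, ...) and " - ".
ITEM_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")
# Heuristic (assumption): a fragment ending in a GUID hyphen or a path/URL
# separator continues on the next line without a space.
GLUE_RE = re.compile(r"(?:[0-9A-Fa-f]-|[\\/?=])$")


def rejoin(text):
    """Return the item lines of a log with wrapped continuations merged back."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":          # footer marker: "End of file" follows
            break
        if not line:
            continue
        if ITEM_RE.match(line):
            items.append(line)
        elif items:               # continuation of the previous item
            prev = items[-1]
            tight = GLUE_RE.search(prev) or line.startswith("\\")
            items[-1] = prev + ("" if tight else " ") + line
        # lines before the first item (header, running processes) are skipped
    return items


def parse(text):
    """Map a case- and whitespace-insensitive key to each original item line."""
    return {re.sub(r"\s+", " ", line).casefold(): line for line in rejoin(text)}


def diff_logs(before, after):
    """Return (removed, added) item lines between two HijackThis logs."""
    b, a = parse(before), parse(after)
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


# Constructed excerpt of the first log, kept in its wrapped form.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O1 - Hosts: 200.100.1.63 ustdc3
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\136741L.exe
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\136741W.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1

\mcafee.com\agent\mcupdate.exe
O8 - Extra context menu item: &Search -

http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?

p=ZNxmk570YYIN
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown

owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9894 bytes
"""

# Constructed excerpt of the second log (after "fix checked").
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8504 bytes
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

A removed Run entry only shows that the registry value is gone; the file it pointed to can still be on disk.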

mechadios
28-11-2007, 08:48 PM
If you need, I shall upload the Trojan Remover log also if that helps.

wainuitech
28-11-2007, 09:00 PM
Go Into my sig below, download and install/ run both Spybot S & D and the Free Spyware doctor - these will more than likely find a few more.
They will help with the Browser speed, Spybot will rip out MyWay, so will Spyware doctor (usually). The latest versions of MyWay are not shown in Add/remove Programs.

While at my sig, download Ccleaner, install and run it.

When using spyware doctor, after it does the first scan on startup, go to the settings Button> Scan Setting> tick "Scan for rootkits...." See Here (http://www.imagef1.net.nz/files/Spyware_Doctor_1.jpg). Then click on the Big SCAN MY COMPUTER button, it will take a lot longer to run but it should locate any other "bugs"

You may need to disable system restore as well. To do this right click " My Computer> Properties> System Restore Tab, disable restore. MyWay hides in restore, if its not disabled, it may reinfect the moment you reboot.

Had a similar customers problems today after running these two programs the browser was back to normal.

Speedy Gonzales
28-11-2007, 09:12 PM
Run hijackthis again tick this entry then tick fix checked

Close browser/s

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

Yup you may have to disable system restore.

I would also boot into safe mode, and do a search for these files

C:\WINDOWS\136741L.exe

C:\WINDOWS\136741W.exe

And delete them.

And reboot, then see if task manager opens. If it does, turn SR back on.

mechadios
28-11-2007, 09:26 PM
Guys, one clarification should I disable system restore before fixing these or first disable the system restore and then fix these, re boot and again enable this.

Speedy Gonzales
28-11-2007, 09:30 PM
Disable SR first, then boot into safe mode, and delete:

C:\WINDOWS\136741L.exe

C:\WINDOWS\136741W.exe

And if you've downloaded ccleaner and installed it.

Go to tools/uninstall. Save to text file. Copy and paste the text file here.

So, we can see whats in add/remove programs.

Then follow what WT posted.

If after deleting the above files, task manager still wont open, we may have to disable system restore again and delete whats in its folder/s.

In safe mode.

berryb
28-11-2007, 09:47 PM
If problem continues after doing what speedy suggested, try disabling McAfee for a while and test. Looks to me you have McAfee and Microsoft products running and doing the same thing at the same time. McAfee could also have done an auto update in the last couple of days that has caused the problem.

mechadios
28-11-2007, 09:47 PM
CC uninstall txt file for your reference..will do remaining steps meanwhile. Thanks!

µTorrent
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
AutoUpdate
AVIcodec (remove only)
Broadcom Management Programs
CCleaner (remove only)
Check Point VPN-1 SecureClient NGX R60
Conexant HDA D110 MDC V.92 Modem
Core FTP LE 1.3c
Creative Jukebox Driver
Creative MediaSource
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative Zen Vision M
CutePDF Writer 2.7
Cyberoam Client for 24Online
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Player
DivX Web Player
Documentation & Support Launcher
Download Accelerator Plus (DAP)
DVD Dumper 2.0
EducateU
ExtractNow
First Step Guide
Formatter Plus V1.4
GemMaster Mystic
getPlus(R)_ocx
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB926239)
ImageMixer EasyStepDVD
Intel(R) Graphics Media Accelerator Driver
Internal Network Card Power Management
Internet Service Offers Launcher
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
JFileRecovery
Keat
LimeWire 4.14.8
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Age of Empires II
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office 2000 Premium
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows XP Video Decoder Checkup Utility
Modem Helper
Mozilla Firefox (2.0.0.9)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Netscape Internet Service
Netscape Web Accelerator
NetWaiting
NetZeroInstallers
Norton Security Scan
OLYMPUS Master
Oracle JInitiator 1.1.8.16
Oracle JInitiator 1.3.1.18
Oracle Web Conferencing Console
Otto
Photo Story 3 for Windows
Picasa 2
Picture Package
PowerDVD 5.7
Quest Software TOAD Standard Edition 7.6
QuickSet
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sibelius Scorch Plugin
simGangster
Skype 3.0
Skype Plugin Manager
Sonic Audio module
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony DVD Handycam USB Driver 2
Synaptics Pointing Device Driver
Trojan Remover 6.6.5
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Desktop Search 3.01
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Safety Scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
XviD MPEG-4 Video Codec
Yahoo! Messenger

Speedy Gonzales
28-11-2007, 09:57 PM
Ok after you've finished doing whatever, uninstall ALL of these

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

Only 1 version of Java should be installed.

Whats Autoupdate, MCU, and Keats belong to??

If you know what they are, and what they do, leave them there.

I would update firefox as well. Its now upto 2.0.0.10

Hmm I thought WMP 11 removed WMP10's entry in add/remove programs?

And I'm pretty sure Windows Desktop Search can be a memory hog.

It can slow things down.

mechadios
28-11-2007, 09:57 PM
Hello Speedy,

couldn't find the C:\WINDOWS\136741L.exe, C:\WINDOWS\136741W.exe files in c:\windows however there is a file in windows 136741WL.DLL.

FYI, after installing cc and disabling SR I rebooted the system and it crashed in normal mode. I am working on the spydoctor and other things.

Speedy Gonzales
28-11-2007, 10:11 PM
Delete 136741WL.DLL if you can.

One site which is in chinese, said there's a trojan called Trojan-PSW.Win32.OnLineGames which uses this file.

This steals game passwords (like WOW).

BUT trojan remover should have removed it, its in its database.

Run My computer, select C: and right mouse / scan with trojan remover.

It'll scan the whole hdd.

See if it picks anything else up.

mechadios
28-11-2007, 10:26 PM
Whats Autoupdate, MCU, and Keats belong to??

Keat I know but the other two are not visible in the add remove program. MCU can be McAfee Uninstaller but am not sure?

Speedy Gonzales
28-11-2007, 10:30 PM
OK, yup thats normal sometimes. Add/remove programs doesnt show quite a few files, but cc does!

Did u manage to delete 136741WL.DLL?

Does task manager open now?

Have you disabled SR yet?

mechadios
28-11-2007, 10:38 PM
Hello Speedy,

here is my response to the queries:

Did u manage to delete 136741WL.DLL?

Yes

Does task manager open now?

in Safe mode any way it is opening by Ctrl_Alt_del, if are you asking if it opens in normal mode when it hangs then I am yet to try that.

Have you disabled SR yet?

Yes have done that and re booted but had to reboot in safe mode.

Now Trojan Remover and spyware doctor are running in safe mode. Will update soon.

Speedy Gonzales
28-11-2007, 10:39 PM
Ok cool!

mechadios
28-11-2007, 11:22 PM
Hello Speedy,

SOS!!!!! I am not able to boot the system in normal mode it throws the blue screen with some IRQ exception and ends there I have to start it in safe mode. Please help!

Speedy Gonzales
28-11-2007, 11:27 PM
IRQ exception??

You didnt install any hardware did you??

Whats the blue screen say?? Just IRQ exception?

Does it show something like STOP: xxxxx?

Can it still boot into safe mode tho??

mechadios
28-11-2007, 11:37 PM
yeh it does say STOP: 0x00000A (0x0000004, 0x000001C, 0x00000000,0x804FA227)

IRQL_NOT_LESS_EQUAL

Yeh I am able to boot in safe mode with networking.

Speedy Gonzales
28-11-2007, 11:44 PM
Hmm, boot into safe mode again. Then go to start/run.

Type msconfig. Go to the startup tab, untick everything here. Reboot.

Does it boot into normal windows now??

When does it crash?? Just before it goes into Windows or before?

mechadios
28-11-2007, 11:56 PM
yeh it crashes after the Windows XP screen comes...

tried unchecking all the startup programs but still it crashed.. something related to the file we deleted? I don't have that now :(

mechadios
28-11-2007, 11:58 PM
http://www.gamekult.com/forum/lire_n459916_cat15/

This link has the same problem which I am getting, related to some game I guess.

Speedy Gonzales
29-11-2007, 12:00 AM
I don't think that file was part of Windows, well it's not a Windows file.

Boot back into safe mode, tick those entries again. Then right mouse on my computer (if it's on the desktop).

Advanced tab / startup and recovery / click on edit.

Post what's there, here.

mechadios
29-11-2007, 12:07 AM
Cannot tick those entries in hijack as now they are gone. Here is what is there in Edit of startup and recovery:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

Speedy Gonzales
29-11-2007, 12:19 AM
I'll check it out later today, it's 2 am!

mechadios
29-11-2007, 02:42 AM
I was trying something and tried on boot with last known good configuration and it worked with no startup. Will try with normal startup and browsing and update you soon. Appreciate your efforts, thank you very much.

mechadios
29-11-2007, 03:41 AM
Looks like some bigger issues for me now :(. I could start windows normally but now without even going on to net or opening the browser. Let me know if you need more details or other logs.

mechadios
29-11-2007, 04:51 AM
Looks like some bigger issues for me now . I could start windows normally but now IT HANGS without even going on to net or opening the browser. Let me know if you need more details or other logs

wainuitech
29-11-2007, 07:13 AM
If you can go into safe mode, go to add/remove programs. Looking at the programs installed I'd suggest you rip out Norton Security Scan. It could be conflicting with McAfee - personally I'd rip out McAfee as well, it's known to cause many problems, startups being one if it hasn't done its job, which it hasn't and has become corrupted; disabling it on start up is not the same as removal. McAfee when damaged can be a real Ba**rd to remove, download This here (http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml). It's designed to remove damaged McAfee software.

Quick Question: Is this a Name Brand PC, Eg. HP / Compaq ?

The reason is on the boot menu

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

It's saying to boot from Partition 2, usually it is partition 1 unless there is a hidden recovery Partition.

Speedy Gonzales
29-11-2007, 07:48 AM
Unless it's in the recycle bin. If you haven't ticked move files to the recycle bin.

It should be here.

If it is, select it.

We'll soon find out if it was needed.

mechadios
29-11-2007, 03:50 PM
wainuitech,

That's what I doubted. Once I disabled the McAfee services it ran for quite some time, and when I was trying to uninstall it, it hung and screwed the McAfee uninstaller also, so will use the tool you have suggested to remove McAfee. Norton is already gone. Btw it is a Dell machine, Inspiron E1505 with Media Center.

Speedy,

Which file in recycle bin? Now it does not crash after I booted with last known good configuration but still hangs in normal mode with or without opening the browser.

Thanks

mechadios
29-11-2007, 04:05 PM
Have removed McAfee with the suggested tool and cleaned the registry with ccleaner. Successfully booted in normal mode, let's see how long it runs.

Even if it runs normally now I don't have McAfee or any other virus protection now. Do you suggest Comodo firewall or anything else? Saw it in your signature. I need to have some security, McAfee was preinstalled.

Speedy Gonzales
29-11-2007, 04:13 PM
Install Avast Home (http://www.avast.com/eng/avast_4_home.html), if you want a free AV program.

It's missing a few options the Pro version has.

You do have to register for a key (you have to put your email in on the site for them to send u a key), which lasts for 12 - 18 mths I think.

If u decide to get it, after its been installed, right mouse on the a icon on the taskbar / about Avast.

Click on licence key.

And copy and paste the key in.

Once it's installed tho, it gives u the option to do a boot scan or something.

Say no, it can hang.. And it'll reboot back into Windows.

Comodo is OK, it can be tricky to configure tho...But it's free.

Remember to disable XP's firewall tho. Before you install it.

Don't worry about the file in the recycle bin. If it boots and doesn't crash, that's the main thing.

Check task manager if it opens... What's using the most memory/CPU??

mechadios
29-11-2007, 04:44 PM
It hung yet again in normal mode. Processes which are taking memory are:

firefox
explorer
MSMpEng
SVChost (multiple)

Recycle bin is empty, and SR is also turned off.

mechadios
29-11-2007, 04:53 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:16 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Manish\My Documents\Downloads\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

wainuitech
29-11-2007, 04:58 PM
Click start/run, type in eventvwr, look in the application and the system log files, look for any that say "Application Hang", double click them and post back the complete report of the latest hung item; it will say what has hung the system. If there are multiple events that are different, post them as well.

Speedy Gonzales
29-11-2007, 04:58 PM
Looks like the bottom half of the log is missing.

Post another log.

Is Windows Defender running on startup??

If it is disable it, if u can.

Get rid of that Windows desktop search or disable it for now.

mechadios
29-11-2007, 05:11 PM
I don't get it, in the event viewer there is no entry after July-07. I am posting HijackThis. Will disable both defender and desktop search.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:57 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Manish\My Documents\Downloads\sdstart(2).exe
C:\DOCUME~1\Manish\LOCALS~1\Temp\is-5UQOF.tmp\is-Q54IO.tmp
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Manish\My Documents\Downloads\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.camsps1
O15 - Trusted Zone: http://vis1200.solutionbeacon.net
O15 - Trusted Zone: *.solutionbeacon.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155281839234
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Audio Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OracleClientCache80 - Unknown owner - c:\OraHome1\BIN\ONRSD80.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8386 bytes

Speedy Gonzales
29-11-2007, 05:31 PM
Put hijackthis in its OWN folder, then run it

Then tick these entries, then tick fix checked

Close browser/s.

C:\DOCUME~1\Manish\LOCALS~1\Temp\is-5UQOF.tmp\is-Q54IO.tmp

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - Global Startup: Digital Line Detect.lnk = ?
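
The kinds of line ticked in the post above (a process running out of a Temp directory, a toolbar entry with "(no file)", a startup shortcut whose target shows as "?") can be pulled out of a HijackThis log mechanically. The following is an added example, not part of the thread and not HijackThis's own logic: the three heuristics and all function names are assumptions, and the sample is an excerpt of the log posted earlier.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind reason line")

# Excerpt of the HijackThis log posted earlier in the thread, lines copied as posted.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:57 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\DOCUME~1\Manish\LOCALS~1\Temp\is-5UQOF.tmp\is-Q54IO.tmp
C:\Program Files\Spyware Doctor\swdsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

--
End of file - 8386 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # e.g. "O4 - HKLM\..\Run: ..."
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")              # a running-process line
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)    # path component named Temp or Tmp


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                  # footer marker, nothing useful after it
            break
        entry = ENTRY.match(line)
        if entry:
            in_processes = False
            entries.append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and DRIVE_PATH.match(line):
            processes.append(line)
        # header lines and fragments of a wrapped path are skipped
    return processes, entries


def triage(text):
    """Return lines worth a manual look; a finding is a prompt to check, not a verdict."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        if TEMP_DIR.search(path):
            findings.append(Finding("process", "running from a Temp directory", path))
    for code, body in entries:
        line = f"{code} - {body}"
        if body.endswith("(no file)"):
            findings.append(Finding(code, "registered item has no file behind it", line))
        elif code == "O4" and body.endswith("= ?"):
            findings.append(Finding(code, "startup shortcut with unresolved target", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}: {f.line}")
```
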

mechadios
29-11-2007, 05:42 PM
What do you mean when you say put HijackThis in its own folder?

HijackThis.exe is in this folder C:\Documents and Settings\Manish\My Documents\Downloads\HiJackThis

Should I move it to somewhere else? I have cleared the event viewer log now; if it hangs now I should get the new log and will post that as well.

Speedy Gonzales
29-11-2007, 05:48 PM
If you got the zipped version of hijackthis, unzip it.

Then make a folder called HJT and put it in.

Then run it then tick those entries

wainuitech
29-11-2007, 06:10 PM
"I have cleared the event viewer log now if it hangs now i should get the new log and will post that as well."

That's strange alright - not recording since July - almost as if something has disabled it.

mechadios
29-11-2007, 06:28 PM
disabled both defender and desktop search but didn't reboot the system and good thing it is running fine in normal mode on net, since my last post.

fixed these entries

C:\DOCUME~1\Manish\LOCALS~1\Temp\is-5UQOF.tmp\is-Q54IO.tmp

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')


Didn't fix these. What is digital line detect? And igfxtray is related to something Intel graphics; am just apprehensive.

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

Regarding the event viewer, something did mess it up I guess, as now it has started collecting logs. Or is there any limit to how much it can store, and then probably it didn't store anything after exhausting the limit? Now it is zero so starting it again.

Speedy Gonzales
29-11-2007, 06:34 PM
I think desktop search indexes files, and folders etc as well.

And it's a bit of a memory hog.

I had it on here for Outlook. It made a hell of a racket. The hard drive noise was louder than usual.

It's similar to XP's indexing option, which is useless. And can slow things down.

OK these can stay there.

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?


Sounds good now then!

I would uninstall desktop search and defender

mechadios
29-11-2007, 07:36 PM
Hung yet again; had removed Windows desktop search but not defender..

There is nothing in the event log for hang but Error for source DCOM:

The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

am pasting the event log for system and application after this message.

mechadios
29-11-2007, 07:36 PM
System Error log from Event viewer

Type Date Time Source Category Event User Computer
Error 11/29/2007 1:43:42 PM DCOM None 10005 Manish MECHADIOS
Information 11/29/2007 1:43:37 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:43:37 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Error 11/29/2007 1:43:37 PM Service Control Manager None 7026 N/A MECHADIOS
Error 11/29/2007 1:42:41 PM DCOM None 10005 SYSTEM MECHADIOS
Information 11/29/2007 1:41:43 PM bcm4sbxp None 6 N/A MECHADIOS
Information 11/29/2007 1:41:40 PM FW1 None 3 N/A MECHADIOS
Information 11/29/2007 1:41:39 PM VNASC None 3 N/A MECHADIOS
Information 11/29/2007 1:41:38 PM FW1 None 3 N/A MECHADIOS
Information 11/29/2007 1:42:03 PM eventlog None 6005 N/A MECHADIOS
Information 11/29/2007 1:42:03 PM eventlog None 6009 N/A MECHADIOS
Information 11/29/2007 1:33:56 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:33:50 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:33:50 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 1:33:50 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:33:50 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:33:50 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 1:33:50 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Error 11/29/2007 1:33:50 PM DCOM None 10000 SYSTEM MECHADIOS
Error 11/29/2007 1:33:45 PM DCOM None 10000 SYSTEM MECHADIOS
Information 11/29/2007 1:33:45 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:33:39 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:33:39 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 1:33:39 PM Service Control Manager None 7035 Manish MECHADIOS
Information 11/29/2007 1:33:39 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 1:33:39 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 1:33:32 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Error 11/29/2007 1:33:31 PM Service Control Manager None 7000 N/A MECHADIOS
Information 11/29/2007 1:33:10 PM VPN-1 None 3 N/A MECHADIOS
Information 11/29/2007 1:33:10 PM CP_OMDRV None 3 N/A MECHADIOS
Information 11/29/2007 1:32:36 PM bcm4sbxp None 6 N/A MECHADIOS
Information 11/29/2007 1:32:31 PM FW1 None 3 N/A MECHADIOS
Information 11/29/2007 1:32:30 PM VNASC None 3 N/A MECHADIOS
Information 11/29/2007 1:32:30 PM FW1 None 3 N/A MECHADIOS
Information 11/29/2007 1:33:09 PM eventlog None 6005 N/A MECHADIOS
Information 11/29/2007 1:33:09 PM eventlog None 6009 N/A MECHADIOS
Error 11/29/2007 1:30:10 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:29:40 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:29:10 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:28:40 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:28:10 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:27:39 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:27:09 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:26:39 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:26:09 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:25:39 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:25:09 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:24:38 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:24:08 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:23:38 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:23:08 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:22:38 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:22:07 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:21:37 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:21:06 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:20:36 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:20:06 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:19:36 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:19:05 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:18:35 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:18:05 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:17:35 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:17:04 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:16:34 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:16:04 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:15:34 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:15:04 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:14:34 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:14:03 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:13:33 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:13:02 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:12:31 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:12:01 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:11:31 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:11:01 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:10:31 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:10:00 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:09:30 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:09:00 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:08:30 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:08:00 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:07:30 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:06:59 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:06:29 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:05:59 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:05:29 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:04:59 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:04:28 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:03:58 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:03:28 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:02:58 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:02:28 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:01:57 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:01:27 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:00:57 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:00:27 PM DCOM None 10010 Manish MECHADIOS
Warning 11/29/2007 12:59:58 PM Tcpip None 4226 N/A MECHADIOS
Error 11/29/2007 12:59:56 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:59:26 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:58:56 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:58:26 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:57:56 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:57:25 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:56:55 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:56:25 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 12:55:55 PM DCOM None 10010 Manish MECHADIOS
Information 11/29/2007 12:55:31 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:55:25 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:55:25 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:55:25 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 12:55:25 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:55:25 PM Service Control Manager None 7035 Manish MECHADIOS
Information 11/29/2007 12:55:25 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 12:55:24 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:55:24 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Error 11/29/2007 12:55:24 PM Service Control Manager None 7000 N/A MECHADIOS
Error 11/29/2007 12:55:24 PM DCOM None 10005 SYSTEM MECHADIOS
Information 11/29/2007 12:55:19 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:55:19 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 12:54:52 PM VPN-1 None 3 N/A MECHADIOS
Information 11/29/2007 12:54:52 PM CP_OMDRV None 3 N/A MECHADIOS
Information 11/29/2007 12:54:19 PM bcm4sbxp None 6 N/A MECHADIOS
Information 11/29/2007 12:54:15 PM FW1 None 3 N/A MECHADIOS
Information 11/29/2007 12:54:14 PM VNASC None 3 N/A MECHADIOS
Information 11/29/2007 12:54:14 PM FW1 None 3 N/A MECHADIOS
Information 11/29/2007 12:55:11 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Error 11/29/2007 12:55:10 PM Service Control Manager None 7000 N/A MECHADIOS
Information 11/29/2007 12:54:52 PM eventlog None 6005 N/A MECHADIOS
Information 11/29/2007 12:54:52 PM eventlog None 6009 N/A MECHADIOS
Information 11/29/2007 12:53:17 PM eventlog None 6006 N/A MECHADIOS
Information 11/29/2007 12:51:56 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:51:55 PM USER32 None 1074 SYSTEM MECHADIOS
Information 11/29/2007 12:51:27 PM NtServicePack None 4382 Manish MECHADIOS
Information 11/29/2007 12:51:11 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:50:55 PM Service Control Manager None 7035 Manish MECHADIOS
Information 11/29/2007 12:16:21 PM Service Control Manager None 7036 N/A MECHADIOS
Information 11/29/2007 12:16:20 PM Service Control Manager None 7035 SYSTEM MECHADIOS
Information 11/29/2007 12:13:16 PM WinDefend None 3005 N/A MECHADIOS
Information 11/29/2007 12:13:16 PM WinDefend None 3005 N/A MECHADIOS
Warning 11/29/2007 12:13:16 PM WinDefend None 3004 N/A MECHADIOS
Warning 11/29/2007 12:13:16 PM WinDefend None 3004 N/A MECHADIOS
Warning 11/29/2007 12:07:48 PM Tcpip None 4226 N/A MECHADIOS
Warning 11/29/2007 11:59:16 AM Browser None 8021 N/A MECHADIOS
Information 11/29/2007 11:41:55 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:55 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:52 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:52 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:51 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:51 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:48 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:48 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:35 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:35 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:32 AM intelppm Devices 2 N/A MECHADIOS
Information 11/29/2007 11:41:32 AM intelppm Devices 2 N/A MECHADIOS
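
One way to read the System log export above for restarts that had no clean shutdown and for errors that repeat on a timer, as an added example that is not part of the thread. It assumes the flattened one-line-per-event layout shown in the post and the standard meaning of eventlog IDs 6005 (Event Log service started, i.e. a boot) and 6006 (service stopped, i.e. a clean shutdown); function names are hypothetical and the sample is an excerpt of the posted lines.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import median

Event = namedtuple("Event", "type when source category event_id user computer")

# Excerpt of the System log export posted above, lines copied as posted.
SAMPLE_EXPORT = """
Type Date Time Source Category Event User Computer
Error 11/29/2007 1:43:42 PM DCOM None 10005 Manish MECHADIOS
Information 11/29/2007 1:41:43 PM bcm4sbxp None 6 N/A MECHADIOS
Information 11/29/2007 1:42:03 PM eventlog None 6005 N/A MECHADIOS
Information 11/29/2007 1:42:03 PM eventlog None 6009 N/A MECHADIOS
Information 11/29/2007 1:33:56 PM Service Control Manager None 7036 N/A MECHADIOS
Error 11/29/2007 1:33:31 PM Service Control Manager None 7000 N/A MECHADIOS
Information 11/29/2007 1:33:09 PM eventlog None 6005 N/A MECHADIOS
Information 11/29/2007 1:33:09 PM eventlog None 6009 N/A MECHADIOS
Error 11/29/2007 1:30:10 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:29:40 PM DCOM None 10010 Manish MECHADIOS
Error 11/29/2007 1:29:10 PM DCOM None 10010 Manish MECHADIOS
Warning 11/29/2007 12:59:58 PM Tcpip None 4226 N/A MECHADIOS
Error 11/29/2007 12:55:55 PM DCOM None 10010 Manish MECHADIOS
Information 11/29/2007 12:54:52 PM eventlog None 6005 N/A MECHADIOS
Information 11/29/2007 12:54:52 PM eventlog None 6009 N/A MECHADIOS
Information 11/29/2007 12:53:17 PM eventlog None 6006 N/A MECHADIOS
Information 11/29/2007 12:51:55 PM USER32 None 1074 SYSTEM MECHADIOS
Information 11/29/2007 11:41:55 AM intelppm Devices 2 N/A MECHADIOS
"""

# Source may contain spaces ("Service Control Manager"), so it is matched lazily and
# the fixed-shape columns after it (category, numeric event ID, user, computer) anchor it.
LINE = re.compile(
    r"^(Error|Warning|Information) (\d{1,2}/\d{1,2}/\d{4}) (\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(.+?) (\S+) (\d+) (\S+) (\S+)$"
)


def parse_events(text):
    """Parse export lines into Event tuples, oldest first (the export is newest first)."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # column header or blank line
        kind, date, clock, source, category, event_id, user, computer = m.groups()
        when = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(kind, when, source, category, int(event_id), user, computer))
    return sorted(events, key=lambda e: e.when)


def unclean_boots(events):
    """Boot times (6005) with no clean-shutdown marker (6006) since the previous boot."""
    result, seen_boot, clean_stop = [], False, False
    for ev in events:
        if ev.source.lower() != "eventlog":
            continue
        if ev.event_id == 6006:
            clean_stop = True
        elif ev.event_id == 6005:
            # The first boot in a freshly cleared log has no history to judge by.
            if seen_boot and not clean_stop:
                result.append(ev.when)
            seen_boot, clean_stop = True, False
    return result


def repeating_errors(events, min_count=3):
    """Errors seen at least min_count times, with count, span and median gap in seconds."""
    by_key = defaultdict(list)
    for ev in events:
        if ev.type == "Error":
            by_key[(ev.source, ev.event_id)].append(ev.when)
    report = {}
    for key, times in by_key.items():
        if len(times) < min_count:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {"count": len(times), "first": times[0], "last": times[-1],
                       "median_gap_s": float(median(gaps))}
    return report


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EXPORT)
    print("boots without a clean shutdown:", [t.isoformat() for t in unclean_boots(evs)])
    print("repeating errors:", repeating_errors(evs))
```
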

mechadios
29-11-2007, 07:37 PM
Application error log
----------------------
Type Date Time Source Category Event User Computer
Information 11/29/2007 1:33:31 PM SecurityCenter None 1800 N/A MECHADIOS
Information 11/29/2007 1:33:31 PM WMDM PMSP Service None 105 N/A MECHADIOS
Information 11/29/2007 1:33:20 PM Creative Service for CDROM Access None 105 N/A MECHADIOS
Information 11/29/2007 12:55:24 PM COM+ (117) 778 N/A MECHADIOS
Error 11/29/2007 12:55:24 PM COM+ Unknown 4689 N/A MECHADIOS
Information 11/29/2007 12:55:10 PM SecurityCenter None 1800 N/A MECHADIOS
Information 11/29/2007 12:55:09 PM WMDM PMSP Service None 105 N/A MECHADIOS
Information 11/29/2007 12:55:02 PM Creative Service for CDROM Access None 105 N/A MECHADIOS
Warning 11/29/2007 12:53:12 PM Userenv None 1517 SYSTEM MECHADIOS
Warning 11/29/2007 12:53:01 PM Userenv None 1524 Manish MECHADIOS
Information 11/29/2007 12:51:17 PM LoadPerf None 1001 N/A MECHADIOS
Information 11/29/2007 12:51:17 PM LoadPerf None 1001 N/A MECHADIOS
Information 11/29/2007 12:51:16 PM LoadPerf None 1001 N/A MECHADIOS
Information 11/29/2007 12:51:10 PM Windows Search Service (1) 1013 N/A MECHADIOS
Warning 11/29/2007 11:59:50 AM Windows Search Service (3) 3036 N/A MECHADIOS

SolMiester
29-11-2007, 07:41 PM
I noticed you have DAP, is that Download Accelerator Plus? I ask because I have had issues with that interfering with the Windows shell before, which of course Explorer runs in.

wainuitech
29-11-2007, 08:08 PM
Just an experiment - found something that may or may not work - are your automatic updates turned on ? If so turn them off -

Go to Start/Control Panel/Security Center and then click on Automatic Updates at the bottom of the panel. Then in the next panel that opens, select "Turn off Automatic Updates". Click on Apply, then OK your way out of all open panels. Reboot - See what happens.


Also check on this -Go to Start/Control Panel/Administrative Tools/Services. Scroll down to Net Logon. Right click on that, then Properties and choose the Dependencies tab.

If there is more than only the Workstation in the top box please advise what it is.

Speedy Gonzales
29-11-2007, 08:24 PM
Some of those entries in event viewer may have been logged, coz you booted into safe mode. Which will also log an event.

Which means some things couldn't run or load in safe mode.

Which is normal

Clear everything in event viewer. Reboot into normal windows.

Then see what comes up.

mechadios
29-11-2007, 08:55 PM
Windows updates are already turned off. I did it after running all the scanning and other things. Thought if it is causing the issue. Will update event log and upload the new one.

mechadios
30-11-2007, 04:32 AM
Found something related to the COM failure, if this is related.

http://www.castlecops.com/postx177316-0-30.html

Only difference being I am already on Autoupdate Off and this thread talks about setting off autoupdate.

This is what PCBruiser has written there

"

Auto Updates is the issue by the procedure you mentioned above, I think what was happening was that during boot Auto Updates was freezing your system until it got a stable network connection to check MS' update server, and periodically at other times holding things up until it gets a response from MS' update server.

"

mechadios
30-11-2007, 06:15 AM
Hello wainuitech,

In the dependency only workstation is there. Auto update is already off.

Hello Speedy,

This time also nothing much from the event log, guess after the system hangs nothing is written here, however this DCOM server error again but the message is different:

Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error:
"Access is denied. "
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thanks

Speedy Gonzales
30-11-2007, 06:37 AM
What's the number under event??

It'll be easier to find the fix.

Run trojan remover and select all options again under the utilities menu.

mechadios
30-11-2007, 07:09 AM
Don't think we can find something in the event viewer as after I cleared that and booted normally, after it hanged here is what was there in the event log

System

Type Date Time Source Category Event User Computer
Error 11/30/2007 1:07:11 AM DCOM None 10005 SYSTEM MECHADIOS
Information 11/30/2007 1:06:16 AM bcm4sbxp None 6 N/A MECHADIOS
Information 11/30/2007 1:06:12 AM FW1 None 3 N/A MECHADIOS
Information 11/30/2007 1:06:11 AM VNASC None 3 N/A MECHADIOS
Information 11/30/2007 1:06:11 AM FW1 None 3 N/A MECHADIOS
Information 11/30/2007 1:06:35 AM eventlog None 6005 N/A MECHADIOS
Information 11/30/2007 1:06:35 AM eventlog None 6009 N/A MECHADIOS

Application event log was blank.

mechadios
30-11-2007, 07:16 AM
Hello Speedy, sent you the Trojan log, it was too big to post here. Utilities menu from Trojan guess again switch on the automatic update. I will boot now normally, shall update soon. Thank you very much for your help, you have been very helpful.

wainuitech
30-11-2007, 07:26 AM
Speedy - take a look at this Here (http://www.neuber.com/taskmanager/process/wmiprvse.exe.html) it's about the service that won't run.

It looks like the network connection may be failing, and a possible reason for the lockups.

If it's the network connection, the bugs may have damaged the TCP/IP stack, if so This (http://www.snapfiles.com/get/winsockxpfix.html) may repair it.


Gotta go out on jobs - I'll look back later - good luck

mechadios
30-11-2007, 07:35 AM
Btw, have uninstalled DAP and Windows Defender also now. Again it hanged in the normal mode.

mechadios
30-11-2007, 07:38 AM
wainuitech, would that be the issue? I can connect on net in safe mode and it works fine , doing most of the updates from this (infected) machine only?

Should I run it as many of the users have slammed it?

Speedy Gonzales
30-11-2007, 07:55 AM
And did you uninstall Windows desktop search as well?

Try that file WT posted, see what happens

Or the file here (http://cexx.org/lspfix.htm)

Run it, if it says it's ok don't go any further.

Speedy Gonzales
30-11-2007, 08:18 AM
Another thing, is Internet Explorer the only browser that's installed??

If it is, install Firefox (http://www.mozilla.com/en-US/)

Then we may be able to find out whether IE is the prob, or not.

This entry

Information 11/30/2007 1:06:16 AM bcm4sbxp None 6 N/A MECHADIOS

Has something to do with your network card, by the looks of it.

mechadios
30-11-2007, 08:26 AM
Tried what wainuitech had suggested, cleared my IP and DNS and network setting. After rebooting it hanged again, worst is it didn't restore the registry which it had backed up. I restored the old one from ccbackup. I am easily able to go on net should there be any issue because of networking.

I am using Firefox only that is the default browser. Have made it the default after I started facing the problem. Have re-installed IE. Windows search I had uninstalled already.

mechadios
30-11-2007, 08:27 AM
Another thing, now it is getting hanged anyway without going to the browser. :(

Speedy Gonzales
30-11-2007, 08:30 AM
HOW are you connected to the net?? dialup? broadband??

Are you using a modem/router??

Did u try the LSPfix ??

This computer isn't the one you're on is it, how is it getting on the internet.

mechadios
30-11-2007, 08:37 AM
Am connected through broadband. LAN. Tried LSP -Fix it says no problem found. Didn't do anything after that.

Speedy Gonzales
30-11-2007, 08:40 AM
So did u remove desktop search yet??

mechadios
30-11-2007, 08:43 AM
Yes, had removed that long back.

Speedy Gonzales
30-11-2007, 08:47 AM
I replied to your PM, have you got XP Pro?

Where are u ?? You're not in NZ / here are you??

mechadios
30-11-2007, 08:48 AM
Hi Speedy, do you need any more information please? otherwise I am also gonna crash and get on tomorrow, it's 3 AM here.

Speedy Gonzales
30-11-2007, 08:49 AM
Well yer WHAT version of XP do you have!

Home or Pro?

mechadios
30-11-2007, 08:49 AM
It's XP Media Center I guess that's different.

Speedy Gonzales
30-11-2007, 08:52 AM
Hmm ok, well it looks like that version supports remote desktop.

You just have to find it.

Check the PM I sent. You'll have to put a username / password on this computer, and tell me what they are. If you want me to check it out remotely.

I'll do it later, after u wake up!

mechadios
30-11-2007, 08:53 AM
sent you the details for connection through PM.

Speedy Gonzales
30-11-2007, 08:57 AM
What's the username?/ mechadios?

Did u check to see if remote desktop is enabled??

mechadios
30-11-2007, 08:59 AM
have sent you the IP, User name and password. My PC is remote desktop enabled now. Please confirm if you are trying now.

mechadios
30-11-2007, 09:01 AM
sent you just now..Do i have to log off or something as I created a new user ID for you. I am logged in through another user ID.

mechadios
30-11-2007, 09:07 AM
have enabled remote desktop by right clicking the computer.you have the IP can you ping? anything else I need to do?

mechadios
30-11-2007, 09:10 AM
OK am booting into normal mode. But don't know how long would that stay?am rebooting now.

Speedy Gonzales
30-11-2007, 09:10 AM
Boot into normal windows not safe mode

mechadios
30-11-2007, 09:14 AM
yeh am up in normal mode. Please try now.

Speedy Gonzales
30-11-2007, 09:21 AM
Nup, is the username ALL in small caps??

You sure the ip is right??

If this version of Windows has Windows firewall tick remote desktop under exceptions

mechadios
30-11-2007, 09:26 AM
yes it is in all small. does not look like this will work. Please let me know if you need some other info, i will upload that.

mechadios
30-11-2007, 09:26 AM
remote desktop is there in firewall and anyway the firewall is off.

Speedy Gonzales
30-11-2007, 09:35 AM
I would say it's not working, coz of the network prob, or the port for remote desktop may have to be entered into the router.

If you're using a router.

mechadios
30-11-2007, 09:36 AM
Okay, won't work as my PC again hanged in normal mode. Is there any log you need if that is of any help?

Speedy Gonzales
30-11-2007, 09:37 AM
Well the other reason it may be hanging is it's overheating.

Go into the BIOS, and see if it shows the temperature of this system.

Tell us what the temperature is.

wainuitech
30-11-2007, 09:41 AM
hi Peoples - I see it's still fun and games - just popped back for a sec - Speedy I'll PM you with a possible remote solution - works good ( most of the time)

Speedy Gonzales
30-11-2007, 09:44 AM
lol ok WT coz I can't login to his remotely.

Would I (or would Mech), have to add remote desktop to the router??

Coz it's not in there at the mo.

I don't know if he's got a router, or not.

I've done RD before, (and it worked), but I wasn't on broadband then.

mechadios
30-11-2007, 09:48 AM
how do I check the BIOS temp. I thought while booting if I hit Del or something it would prompt but it is not even prompting or waiting for anything. Heating won't affect safe mode is it?

mechadios
30-11-2007, 09:50 AM
Don't think can do remote desktop as it can last for long. yeh it's getting funny, okay guys am off it's 4:00 AM here. will respond tomorrow only. Thanks for your help so far.

Speedy Gonzales
30-11-2007, 09:52 AM
how do I check the BIOS temp. I thought while booting if I hit Del or something it would prompt but it is not even prompting or waiting for anything. Heating won't affect safe mode is it?

Well it can. Whether it's in safe mode or normal mode.

It's part of the system not a file or anything.

Go thru the screens in the BIOS. The menu may say something like H/W monitor, or something.

Will this computer still be on after u go to bed??

mechadios
30-11-2007, 05:15 PM
Couldn't go to BIOS setup, don't know which key to hit when it is booting. Also, was going through lot of link on web which say for a Dell PC it's not possible to hack the BIOS setup and am on Dell Inspiron. But as you say heating would affect the safe mode also, am on in safe mode for like long time, should heating be an issue then.

If I leave it on would you be able to access it? As I can leave it on only in safe mode in normal mode anyway it would hang.

wainuitech
30-11-2007, 05:44 PM
I think F2 on startup brings you into the Dell BIOS - not 100% sure. If you can get into the BIOS look for "health" or something like that, someplace will be the current Temp.

Speedy connected remotely to one of my workshop PC's trying a program I sent a private link to earlier today. (and the cheeky bugger :p said the all programs had more junk - HA!) :lol:

Never tried it in safemode with networking - I know the Internet will work in that mode so hopefully the remote program will also.

Update: after getting a PM - try restarting the PC in safe mode with networking - see if it crashes again, it's looking like a driver issue, I'm not really feeling like wading through 10 pages of this to see if the LAN driver has been uninstalled then reinstalled - if it crashes on safe mode with networking - uninstall the LAN/network card driver reboot then reinstall it - see what happens

mechadios
30-11-2007, 06:08 PM
wainuitech, No it didn't crash even a single time since I started this thread in safe mode with networking. Every time it hangs is in the normal mode never in safe mode. I tried to go into BIOS setup by F2 but couldn't find anything related to temp/health management. All it says is my primary battery is not installed so I should go to dell.com to order new :). Battery is gone so that advice.

Am downloading the link which speedy sent, I hope it works in safe mode with Net.

LoL I graduated working on this thread only. When I started it said Junior member, now it is saying Member. Hope it does not go beyond that on this thread only :)

Speedy Gonzales
30-11-2007, 06:24 PM
I don't think it'll work in safe mode, it HAS to be in normal mode.

If u want me to connect to it remotely.

I would say you'll have to reinstall the network drivers. First we have to find out what your motherboard is

Tell me when you've installed crossloop and send the code its got to me in a PM.

mechadios
30-11-2007, 06:32 PM
Speedy, I have installed the application and sent you a PM for the details let me know when we can connect.

Okay got your PM, I think it would work in safe mode as the application has started. I can also try connecting to you if you send me your ID for.

mechadios
30-11-2007, 06:43 PM
Speedy my apologies, sent multiples PM as in safe mode it does not display the full page, so don't know if the message was sent or not. I clicked 3-4 times.

Speedy Gonzales
30-11-2007, 06:53 PM
Install Crossloop the other program I sent to u in PM.

Then install it give me the code I think that's under host in PM.

I don't think it'll work in safe mode, so you'll have to boot into normal mode. Do u know what your system is?? like HP / whatever??

We'll have to find the network drivers for it.

Oh so u sent the PM's in safe mode from this computer??

We'll try in safe mode first then, once u install Crossloop

wainuitech
30-11-2007, 06:55 PM
Speedy, I have installed the application and sent you a PM for the details let me know when we can connect.

Okay got your PM, I think it would work in safe mode as the application has started. I can also try connecting to you if you send me your ID for.

If the program works in safe mode - mechadios needs to be the Host - then tell speedy (in private) the Numbers and sit back and watch - its freaky some one working your PC from the other side of the world ( Insert spooky music here):lol:

Speedy Gonzales
30-11-2007, 06:59 PM
lol if your PC kills me somehow, expect a bill in the mail

mechadios
30-11-2007, 07:04 PM
ha ha...sent you the access code in PM. But am still in safe mode. My PC is dell Inspiron E1505. Can we try in safe mode first as I don't think there is anything we would be able to do in normal mode we would get only 5 minutes by the time I could connect and open the application.

Speedy Gonzales
30-11-2007, 07:07 PM
Doesn't work in safe mode by the looks of it. Boot into normal windows

mechadios
30-11-2007, 07:13 PM
Am up in normal mode. Please try now. Sent you the new code also in PM.

Speedy Gonzales
30-11-2007, 07:13 PM
Go here (http://supportapj.dell.com/support/downloads/driverslist.aspx?c=nz&cs=nzdhs1&l=en&s=dhs&ServiceTag=&SystemID=INSPIRONI6400/E1505&os=WW1&osl=en&catid=&impid=)

And download and install the first 2 drivers under network. Then install them on this computer, then reboot.

We'll see how long it lasts then.

Get these drivers first then reinstall them then reboot. I would say that's why I can't connect to you

mechadios
30-11-2007, 07:25 PM
Okay will install and update you. Am back in Safe mode now. Gotta leave for office so will be able to update late now. Thanks.

mechadios
30-11-2007, 07:35 PM
am downloading these two:

Broadcom - Diagnostics Utility
Applies to:
440x 10/100 Integrated Controller

Broadcom - Driver
Applies to:
440x 10/100 Integrated Controller

Speedy Gonzales
30-11-2007, 07:43 PM
That's it, reboot after, then send me another code.

I'll see if I can connect.

If it works, then hopefully it shouldn't freeze.

wainuitech
30-11-2007, 07:45 PM
Just remember to accept any incoming connection from speedy - (not real name of course - that's private)

Speedy Gonzales
01-12-2007, 04:33 AM
Hmm wonder if he managed to install it and it's fixed.

Since there hasn't been any reply since?

mechadios
01-12-2007, 05:33 AM
Speedy, No I couldn't install it. It says the System administrator has set policies to prevent this installation. Is it because I am trying in SAFE mode, 'cos am not sure if the installation can be completed in normal mode without the system hanging. I will try normal with only the installer running. Let me know if you have any other suggestions.

Speedy Gonzales
01-12-2007, 05:39 AM
That's possible, it won't coz it's in safe mode, try normal mode.

If any AV programs are running, disable it while you install it.

mechadios
01-12-2007, 05:53 AM
Okay I was lucky, could install it. I doubt some hardware problem as whenever I boot the system after a long time it works longer. I will start cross loop and send you the access code. Anything needs to be done now?

mechadios
01-12-2007, 06:01 AM
No luck even after the new drivers:(...It hanged again..Now when I rebooted in safe mode event log has this warning:

Windows saved user MECHADIOS\Manish registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Speedy Gonzales
01-12-2007, 06:06 AM
Get this and install it (http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&DisplayLang=en)

That'll fix that error.

Umm find NDIS.sys on the computer you're on now (if it's not the pc that's hanging, and if it's got the same SP, as the one that's hanging).

Copy it to c:\windows\system32\drivers folder, on the pc that hangs (put it on a floppy or something). Then reboot.

You may have to try and copy it in safe mode.

I would also install this (http://www.cpuid.com/pcwizard.php)

And install it click on the _+ thing in it. It'll tell u the temp of the mobo/CPU.

Tell us what the temp is on this computer.

mechadios
01-12-2007, 06:28 AM
Am using only one PC the one which is hanging. Morning was at work so had another one. Can I find NDIS.sys from net? Microsoft or somewhere?

mechadios
01-12-2007, 06:47 AM
temperatures

<<< Voltage, Temperature and Fans >>>

> Monitoring Chip : SMSC

>> General Information
ISA Address : 0x62
Support : 0KD882

> Voltage CPU : 1.23 V

>> General Information CPU
Voltage : 1.225 V
MaxVID : 1.225 V
MinVID : 0.950 V

> Processor Temperature : 46 °C

>> General Information
tMax : 100°C

> ACPI Thermal Zone : 46 °C

>> General Information
ACPI Thermal Zone #1 : 46 °C

> Hard Disk Temperature FUJITSU MHV2060BH : 46 °C

mechadios
01-12-2007, 06:53 AM
Came down a bit after some time, running the PC now for 10 minutes


> Processor Temperature : 46 °C

>> General Information
tMax : 100°C

> ACPI Thermal Zone : 32 °C

>> General Information
ACPI Thermal Zone #1 : 32 °C

> Hard Disk Temperature FUJITSU MHV2060BH : 47 °C

Speedy Gonzales
01-12-2007, 07:05 AM
Hmm have you got the Windows Media Edition cd?

Or was it preinstalled?

If it was preinstalled is there another partition on that hard drive?

mechadios
01-12-2007, 07:07 AM
No I don't have the CD it was pre-installed. Yes there is another partition for 4 GB. Main is 54 GB.

Are the temperatures okay?

Myth
01-12-2007, 07:09 AM
This isn't really going to be of much help.. but it's been 2 days. By now, one could have backed up all data to another harddrive or cd, and reformatted. Then reinstalled new drivers on the new install ...
At what point does one say 'enough'?

Edit: ok, no cd. Hopefully the 4GB partition is a recovery partition

mechadios
01-12-2007, 07:11 AM
Let us try Cross Loop I sent you the access code.

One query

Can VPN cause any issue, I have a secured VPN client Checkpoint, services were manual but still I disabled and now the PC is okay for last 20 minutes. These are the services I disabled, too early to be judgmental but just in case

Check Point SecuRemote Service
Check Point SecuRemote WatchDog
Creative Service for CDROM Access
DSBrokerService
Google Updater Service
Media Center Extender Service
Media Center Scheduler Service
Netscape Update Service
OracleClientCache80
WMDM PMSP Service
Windows Installer
Error Reporting Service
Network Location Awareness (NLA)

I don't have the google updater installed just checked.

mechadios
01-12-2007, 07:13 AM
Myth, guess with a pre-installed XP that would have been something with all the drivers and things.

Speedy Gonzales
01-12-2007, 07:16 AM
Yup temp looks ok to me... I don't think the temp is making it freeze.

The only thing we can try (if we can figure it out), is how to get a new copy of ndis.sys installed from the other partition.

To see if ndis.sys is the prob.

But yup other than that restore it if the other partition is a recovery partition

mechadios
01-12-2007, 07:20 AM
Is there any link or information so I can follow the steps if I want to restore. Also, how do I check if the other partition is recovery partition (Sorry but am technically challenged :).

Btw it is running from last half an hour :)

Speedy Gonzales
01-12-2007, 07:26 AM
Sounds like whatever you enabled or disabled in services may have made something more stable.

Just be careful of WHAT services you disabled.

I did that a few months ago, and my network died lol. My network places froze / crashed, when I went to see if it worked.

Lucky I had made a document of what I changed and the default settings.

If you've got MCE 2005, go here (http://www.blackviper.com/WinXP/servicecfg.htm)

And see what your services are set at now, and compare them to MCE 2005 on the above site.

Whats different?

You usually press F10 to restore on bootup or something.

If it does work however, whatever you did AFTER you bought this computer, will / may have to be reinstalled again.

mechadios
02-12-2007, 07:39 AM
Speedy,

I tried to restore from Dell partition but couldn't do it as it was deleted from my PC. Don't know how? So was struggling.

Finally I think I found the issue. The problem as you had pointed out was with Network Adapters drivers. Since you had asked me to install that driver for "Broadcom - Driver Applies to: 440x 10/100 Integrated Controller". After I installed that and probably after the installation in the third reboot it worked for like one hour with internet. So services thing was a gimmick I concentrated on that but that was not the reason.

Since the problem started with PC hanging, only when the LAN cord was connected which forces the network adapter to be enabled and the driver is active. Somehow during our troubleshooting the PC was locking without even connecting the LAN cord. However now it's again only when I connect the LAN cord in normal mode. Otherwise the PC is not locked if I don't connect the cord. If I go to un-install the program now it says fatal error can not uninstall and if I direct install that also does not work. So I can not replace the driver/program. That's where I need your expert advice to remove this driver and reinstall a new one.

One thing which is still puzzling me, why then this driver works fine in safe mode. If I am in SAFE mode with networking everything is fine including the net.

I am sure now this is the problem, and probably you would have a solution to remove this driver/program and install the new one. Thanks!

Speedy Gonzales
02-12-2007, 08:03 AM
Well I can't help with uninstalling it, since I can't connect to you.

So what did u try uninstalling?? The driver??

What happens if u try and delete it in device manager, in normal windows or safe mode?? Does it say fatal error?

You still have to be careful on WHAT services you disable.

As some services if u disable them, will affect other services.

It may work in safe mode, coz a certain part of it may still be disabled (what part I don't know)!

Try this unzip those new drivers you downloaded.

If it's a zip file. Has it got an inf file in it??

If it has, go to device manager, go to the network card entry, double click on it, go to the driver tab, update driver, select no not this time select the advanced option, point it to the folder with the inf file in it then OK.

If it does work it MAY overwrite the drivers that are installed

If that doesn't work start from the drivers tab, try roll back driver and uninstall driver. See if one of these work.

Or if that doesn't work, if the network card is onboard, disable it in the BIOS. Boot into windows, reboot.

Go back into the BIOS enable the network card again, save the settings in the BIOS.

See if it picks it up or brings up a window and asks for the drivers.

It may reinstall the drivers, or ask you for the disk / files.

If it does, try installing the network card drivers again.

And if this doesn't work, it may be that ndis.sys file that's the main prob..

Somehow, you'll have to get it from somewhere and overwrite the ndis.sys file that's installed.

I have a feeling it says fatal error coz it's looking for the other partition (where the drivers are / should be), and it's not there.

mechadios
02-12-2007, 07:12 PM
Tried all you suggested but no luck. I will try to get the ndis.sys sys file from somewhere. I compared the services in normal and SAFE mode, I disabled all the services which didn't start in SAFE mode, but even after disabling below two services started in normal mode

IPSEC Services Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.

NICCONFIGSVC Configure your Internal Network Card power management settings.

In normal mode it hanged again, but how come these services were started in normal mode when I had disabled those.

Speedy Gonzales
02-12-2007, 07:20 PM
In safe mode, it disables whatever (this includes programs that usually run on startup, and some services), so you can actually boot into safe mode.

It loads the minimal amount of resources (like things in startup), like if u get something like malware / trojans etc. You can hopefully remove it.

Since the files these use don't usually run in safe mode.

And some programs can't be installed in safe mode, because a service it needs is usually disabled.

mechadios
06-12-2007, 01:07 AM
Speedy, am back to square one. I formatted the hard drive and installed XP again, then installed the drivers again and guess what it hanged yet again after opening the browser. Is my ethernet card having some issue? Then why would it work in safe mode?

Or is there any issue with my Internet Service Provider, though I checked with me and he disagreed. I have been using this ISP for more than a year. Is there anything to do with the hardware?

Thanks

Speedy Gonzales
06-12-2007, 06:34 AM
Get another network card. Disable the onboard network card.

I already told u why it works in safe mode. I'm not going to repeat myself.

If it still hangs replace the motherboard . You may have to replace the ram and CPU. Depending on what mobo u get.

gurpreetsinghbagga
09-06-2008, 04:57 PM
Hi Mechadios,

I am also facing same problem !! Are you able to solve the problem...!! Can you please tell me what you did to fix it..!!

Thanks and Regards,
Gurpreet Singh


Speedy, am back to square one. I formatted the hard drive and installed XP again, then installed the drivers again and guess what it hanged yet again after opening the browser. Is my ethernet card having some issue? Then why would it work in safe mode?

Or is there any issue with my Internet Service Provider, though I checked with me and he disagreed. I have been using this ISP for more than a year. Is there anything to do with the hardware?

Thanks