-
July 16th, 2007, 07:25 PM
#1
Member
XP Help/Hijack This Help
My Windows XP keeps bringing up messages such as spooler error, services.exe error and also a services controller app error.
Please help me resolve them, as when I click OK on the messages displayed the computer then gives me like 50 seconds and then shuts down. I have run several virus scans and spyware scans in an attempt to resolve.
-----------
Logfile of HijackThis v1.99.1
Scan saved at 19:13:43, on 16/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dwwin.exe
C:\Documents and Settings\esi\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www40.brinkster.com/libertatogo/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class -
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
/STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware
Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry
Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot -
Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT
Broadband Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program
Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
- (no file)
O9 - Extra button: Bodog Poker -
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} -
C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro
ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/ho.../native/x86/wi
n32/activex/hcImpl.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
O16 - DPF: {33331111-1111-1111-1111-622221193458} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX
6.5) -
http://eu-housecall.trendmicro-europ...let/html/nativ
e/x86/win32/activex/hcImpl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in
1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in
1.5.0_09) -
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} -
http://trueswitch.com/TrueInstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - (no
file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o.
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC
Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools -
C:\Program Files\Spyware Doctor\swdsvc.exe
-
July 16th, 2007, 09:46 PM
#2
Hmmmm,
From what I can see you have XP and IE6 without any service packs? Both should be at SP2?
-
July 17th, 2007, 01:06 AM
#3
Just cut and paste the log file and run it through here: http://www.hijackthis.de/index.php
Cheers,
-
July 17th, 2007, 04:58 AM
#4
Looks pretty clean.
You could try disabling some of those O23's:
GoogleUpdaterService can go...
Maybe you've got a conflict between Spyware Doctor and AVG.
Running both AVG Anti-Spyware and Spyware Doctor may be
an issue. Play around with it.
You might try one of my favorite tricks: run a live CD (Linux distro
like Knoppix) for a few hours and see if she crashes. That's often
a good indicator whether or not you've got any hardware issues.
HTH.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
July 17th, 2007, 11:51 AM
#5
Hi,
1. Please confirm that you are running what HJT says. You should be running XP at SP2 and IE6 at SP2. If you aren't then you should update. Also apply all Windows and IE patches.
2. Look in your system and application logs (use "Event Viewer") and let us know what messages you get when it crashes.
3. Go into your BIOS setup and disable:
A. Fast boot
B. Restart on error
C. Power saving options
Do this in Windows as well and switch off any screensaver. You want it on all the time.
4. Chkdsk and Defrag the hard drive. Also, how much available space is there on the HDD? It should be at least 20%.
5. Turn off "teatimer" (Spybot S & D) as brokencrow could well be on the right track with the conflict idea, and Teatimer is known to cause them in some situations.
Good luck, and please let us know how you get on. Please make a note of the details of any error messages or bluescreens that you get.
Last edited by nihil; July 19th, 2007 at 07:05 AM.
-
July 18th, 2007, 07:40 PM
#6
You have probably been playing around in the registry to get the services.exe error. Did you make any backups prior to regedit or using Registry Mechanic (which IMHO you don't need on a WinXP)? If not, try a system restore to before you made any changes.
As has been mentioned, you need to get up to speed on the security patches, suggest you get someone to get you the streamlined CD for SP2 and unplug yourself from the net, then install the updates, (SP2 has the firewall feature so when you connect back on you will be okay until you get your AV up and running).
http://bertk.mvps.org/ (System Restore)
http://www.theeldergeek.com/slipstreamed_xpsp2_cd.htm
You can have the HJT utility fix these:
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
- (no file)
I would get Startup Inspector and control your O4's.
Also, what version of Messengerplus are you using, and did you download the 3rd party software that came with it? (crapware LOP infections).
Also, your version of Java is outdated and you will need to update it, which is odd as you had it set up to run on start, so it should go out and get the latest updates for you. You can download the latest version and delete/uninstall previous versions from your add/remove option.
http://www.java.com/en/download/manual.jsp
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson
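Several of the entries singled out in this thread are ones HijackThis marks `(no file)` or `(file missing)`, and the forum's hard line wraps split some of those markers across two lines. As an added example (not part of any post and not HijackThis's own code), this Python script rejoins the wrapped lines and lists the entries whose target file is absent; the names `unwrap` and `orphans` are chosen here for illustration.

```python
import re

# A HijackThis entry starts with a section code such as R3, O2 or O23.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Markers HijackThis prints when the registered file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)")

# Constructed sample: lines copied from the log in this thread,
# with the forum's hard wraps kept as posted.
SAMPLE = r"""
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
- (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - (no
file)
"""

def unwrap(text):
    """Rejoin hard-wrapped lines into one string per log entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Assumption: the wrap fell on a space, as in the sample above.
            entries[-1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return entries

def orphans(text):
    """Return (section, entry) for entries whose target file is absent."""
    found = []
    for entry in unwrap(text):
        m = ENTRY_START.match(entry)
        if m and ORPHAN.search(entry):
            found.append((m.group(1), entry))
    return found

if __name__ == "__main__":
    for section, entry in orphans(SAMPLE):
        print(section, "|", entry)
```

The `qrev` protocol entry is only caught because the lines are rejoined first: in the posted log its marker is split as `(no` and `file)`.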