Kravyn

Getting Random Bsod


Hi, Kravyn

No problem, you're doing a great job.

 

Next

 

Please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

 

--------------

 

Download GMER to the Desktop:

http://www.gmer.net/files.php

Right click the zipped file and select: Extract all

Follow the Extraction Wizard prompts

 

Double click GMER.exe

If a security warning appears, allow the program to run

If GMER detects rootkit activity, you are prompted to scan immediately

Click Yes to begin the scan

 

If you are not prompted to Scan:

In the Rootkit tab, make sure all the boxes on the right of the screen are checked, except for "Show All"

Click the Scan button.

 

Once the scan is done, click: Copy

 

Please post the GMER results in your reply.

 

---------------

 

After running this tool and doing a scan, reboot, then show me its log and a new HijackThis logfile.

 

Gogo ;)


I don't know what's wrong with the GMER program, but after I clicked Copy it closed and nothing copied. It took almost 1 1/2 hours to do the scan.


Tried to do the GMER scan again and another problem happened: the PC froze up and nothing worked. Even though I could still see the screen, the keyboard and mouse didn't react to commands. I know because the keyboard lights wouldn't shut off or turn on when pressed, and the PC's light that shows when the PC is reacting didn't even display that it was working at all.

Edited by Kravyn

Oh, and I'm not going to be removing the FlashGet files; I actually use it for large exe downloads.

I'm a gamer and some MMO and demo games are 1GB+, and I don't want them to disconnect mid-download because I don't want to restart from scratch each time.

There is no reason to remove flashget, it's a nice program (I use it a lot myself).

 

 

Can you post the details from the BSoD? Specifically any numbers that start with 0x and any files that end in .sys.


If you want to try the gmer scan, try these instructions:

 

Run a scan with http://www.gmer.net/gmer.zip (only if you have any problems with gmer, uncheck "services" "registry" and "files" and run a new scan [be sure to mention any problems]). It would be best if you ran the scan from normal mode.

 

 

Also post a comboscan log.


I think my problem was my screensaver: after 15 minutes it tries to load. The problem is that one of ComboFix, SDFix or SUPERAntiSpyware removed something, and after the idle time it freezes. I haven't tested it out yet because I decided not to use a screensaver for now since that happened, and guess what, the total PC freeze stopped.

The BSOD was already cleared when windev and rpcc were fully removed. The only main problem I had left was that after all that work it caused my screensaver to go nuts, lol, but I'm not worried about that.

For the most part everything is working like I wanted. As for GMER, I don't know why, but it didn't copy anything when I clicked the Copy button after the long scan. It didn't really matter, though: it showed a lot of files but it didn't say anywhere rootkits or viruses or anything, so ComboFix, SDFix and SUPERAntiSpyware did the clearing up on those.


Hi, Kravyn

Could you please show me a new HijackThis logfile? I feel you have more to do, and it would be a big plus if I had the GMER log.

 

Gogo :)


Logfile of HijackThis v1.99.1

Scan saved at 19:05:02 7:05:02 PM, on 4/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\ltmsg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

H:\Memturbo 4\MemTurbo.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

Q:\EVEMon\EVEMon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe

H:\Program Files\mIRC\mirc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.118.235.195:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: MemTurbo.lnk = H:\Memturbo 4\MemTurbo.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with GetRight - Q:\GetRight\GRdownload.htm

O8 - Extra context menu item: Druid: Download All Files - C:\Program Files\XemiComputers\Download Druid\Druid.html

O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html

O8 - Extra context menu item: Open with GetRight Browser - Q:\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Program Files\XemiComputers\Download Druid\DruidBar.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - H:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

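A reviewer reading a log like the one above usually works from the section codes (R1 registry values, O4 autostarts, O16 ActiveX downloads, O20 Winlogon Notify, O23 services). The following is an added example, not part of the original thread and not HijackThis's own code: it parses entry lines and lists the ones worth a closer look. The function names and the choice of checks are assumptions made for illustration, and a flagged entry is a prompt to look, not a verdict.

```python
import re

# A few lines excerpted from the HijackThis log posted above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.118.235.195:8080
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - H:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Entry lines look like "<letter><digits> - <body>"; header and process lines do not.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse(log_text):
    """Return (code, body) for every entry line, skipping everything else."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries

def review_notes(code, body):
    """Hypothetical checks: reasons a helper might ask about this entry."""
    notes = []
    if code in ("R0", "R1") and "ProxyServer" in body:
        notes.append("IE proxy configured: " + body.partition("=")[2].strip())
    if "(file missing)" in body:
        notes.append("target file missing on disk")
    if code == "O23" and "Unknown owner" in body:
        notes.append("no company name read from the service binary")
    if code == "O16" and body.endswith("-"):
        notes.append("ActiveX control with no download source recorded")
    if code == "O20" and body.endswith("\\"):
        notes.append("Winlogon Notify path names a directory, not a DLL")
    return notes

def triage(log_text):
    """Return (code, note) pairs in log order for entries that need a look."""
    return [(code, note)
            for code, body in parse(log_text)
            for note in review_notes(code, body)]

if __name__ == "__main__":
    for code, note in triage(SAMPLE):
        print(code, "-", note)
```
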

Well, actually it seems my old idea of why my PC froze may have been wrong. GMER has the same problem as ComboFix, I think: if you click, it will freeze. Well, that's an understatement; it only happens if you click on the stuff it scanned, though, the stuff within the window. You could click on any of the tabs or use any other part of it, but if I attempt to highlight anything to copy, a few seconds later the program will trigger a total PC freeze. I even tested it out to see if that was true.

So that means no GMER, because the first time I clicked Copy without highlighting, my copy-paste was empty. The same again, which was after it froze during the second scan, since I clicked on a scanned item on the list. That's 3 scans down. On my 4th scan, which is now, I decided why don't I try to highlight everything before I clicked Copy; a few seconds later it froze again. So basically it won't copy unless I highlight, but it will freeze if I do, lol. Talk about a messed-up program.


Hi, Kravyn

May I ask two things of you? Can you stop these two items from running at startup? I just want to check and see what, if anything, happens.

 

H:\Memturbo 4\MemTurbo.exe

 

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

Both progs should have an option to do just that. Try it, reboot, and tell me what, if anything, happens.

 

Gogo ;)


Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending your helper a PM with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
