| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 103885 | 2009-10-09 14:23:00 | Please help - "End Program - n" on Shut Down | skelseyc (15318) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 818567 | 2009-10-09 14:23:00 | Hello, can anyone here help me out? This phenomenon started a few days ago for no apparent reason - I have not done anything differently. Computer suddenly gets mad slow and I can HEAR something running in the background. Simple things like surfing the net become impossible. On Shut Down or Restart I get a message saying "End Program -n." Each times this happened I was surfing the internet using Firefox and nothing else. (I saw on the other thread that it was suggested to uninstall and reinstall Firefox but that did not solve the problem for that person.) No idea what this means or is. I googled it and came up with a couple of places (this one included) but the threads I found didn't seem to have a resolution to the problem. So I am wondering if anyone here knows for sure what this is? I have Windows XP, Version 2002, Service Pack 3. I have a Compaq Presario Notebook PC, V5206OM. Mobile AMD Sempron Processor 3300+ (2.0 GHz). 60GB hard drive. (No idea if this information is necessary; I'm just trying to provide what little info I can.) I saw that Malwarebytes is recommended and so I downloaded it and did a scan. It found 1 problem, some kind of key registry I think. I removed it, but later the same problem - End Program n - happened again so that was not the problem apparently. (I do not remember exactly what Malwarebytes removed but perhaps I can find out if necessary.) This is after restarting several times. (Also, another question, less important. When installing Malwarebytes I get the Destinations window that says "The feature you are trying to use is on a CD ROM......" Any idea what I need to do about that? I can click X or cancel and get it to work eventually but what IS that?) I also got Security Task Manager but I didn't see anything that looked pernicious to me, and I confess I don't really understand how to get the most from that program. I also see something about Hijack This. Is this something I need to run and then post? Thanks to anyone who can help me out with this. If anymore info is needed, please let me know. KC |
skelseyc (15318) | ||
| 818568 | 2009-10-09 18:27:00 | Are you using Comodo Security Firewall? There has been a recent problem with an update which caused it to be continually seeking (>90% CPU) for more updates. Solution is to delete bases.cav file and get a new update. See Comodo Support site for details. | coldot (6847) | ||
| 818569 | 2009-10-09 19:35:00 | Hello coldot ~ No, I do not have Comodo. Thanks for the suggestion, though. Any other ideas? |
skelseyc (15318) | ||
| 818570 | 2009-10-09 19:44:00 | Post a hijackthis log, install / run it Click on scan the system and save a log. Copy and paste the log here | Speedy Gonzales (78) | ||
| 818571 | 2009-10-09 20:45:00 | Click the Start button, L-click All Programs then Accessories>System Tools>System Information, L-click that then Software Environment>Startup Programs, this lists the progs that are running, including the ones in the Startup folder (All Programs>Startup), also check Running Tasks under Software Environment. this may help you pin it down. Do as Speedy says, too. |
feersumendjinn (64) | ||
| 818572 | 2009-10-10 18:26:00 | Log from HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:24:44 PM, on 10/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ie.redirect.hp.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.rexplorer.net O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - a1540.g.akamai.net O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - support.rexplorer.net O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - www.adobe.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- End of file - 5460 bytes Thanks to anyone who can help! |
skelseyc (15318) | ||
| 818573 | 2009-10-10 18:35:00 | Speedy ~ I also did what you suggested and ended up with a massive list of Startup items. Should I post that here as well? I like your quote from the admiral, btw. :) KC |
skelseyc (15318) | ||
| 818574 | 2009-10-10 20:03:00 | Post ALL of the log, whats running on startup is the main part You can tick thse for now then tick fix checked. Disable system restore Close browsers O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) Did you add this? If you didnt tick this entry O15 - Trusted Zone: *.rexplorer.net |
Speedy Gonzales (78) | ||
| 818575 | 2009-10-11 01:17:00 | Speedy ~ Sorry, but you're dealing with a rather inexperienced person here. When you say post ALL of the log, do you mean the HJT log or the one I get from the System Information > Software Environment protocol you told me to follow? I copied everything I know to copy from HJT. If I did it wrong, please tell me how to do it right. As far as the System Information thing - if this is where you mean for me to be more thorough, please explain how to do that also. Does this mean to post logs from BOTH Startup Programs and Running Tasks, or does it mean something else entirely. Also - I gather that you mean on HJT I can tick 03 & 015. But what does "Disable System Restore" mean? Also you say to close browsers. Is this necessary to do before even running HJT or before ticking or what? Why would I need to do that? Sorry for all the questions. I appreciate the help - thanks a bunch. KC |
skelseyc (15318) | ||
| 818576 | 2009-10-11 01:35:00 | There should be entries in the HJT log with 04 entries, which loads whatever programs (when you boot into windows). Theyre not in the log you posted If your keyboard has a windows key (it looks like a flag), press it and the pause key. You'll see the system screen. Go to the system restore tab. Disable it You close the browsers BEFORE you tick the entries I said to tick then tick fix checked |
Speedy Gonzales (78) | ||
| 1 2 3 4 5 6 7 8 9 10 11 12 | |||||