| Thread ID: 90401 | 2008-06-02 00:03:00 | explorer crashing repeatedly | spacecad28 (13825) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 674852 | 2008-06-02 00:03:00 | Hijack this looks like this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:52 PM, on 6/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Comodo\CBOClean\BOC4UPD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {3F201040-E21A-4690-A23C-CA791A72B268} - C:\WINDOWS\system32\urqOheBt.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 LA.EXE /P24 "EPSON Stylus Photo R1800" /O6 "USB002" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5317 bytes

I believe urqOheBt.dll may be the problem but can't seem to remove it. Any ideas? Any other problems I'm missing? |
spacecad28 (13825) | ||
| 674853 | 2008-06-02 00:20:00 | Tick these then tick fix checked. Close browsers. If explorer crashes while you're opening my computer, tick the entry below first then tick fix checked, then reboot, then open / run my computer, right mouse on c / scan with trojan remover. Let it scan the whole hdd. Also run trojan remover after, then select all options under the utilities menu.
O2 - BHO: (no name) - {3F201040-E21A-4690-A23C-CA791A72B268} - C:\WINDOWS\system32\urqOheBt.dll
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
Get something better than Symantec AV |
Speedy Gonzales (78) | ||
| 674854 | 2008-06-02 00:25:00 | Angel is a program for an online game. The other was checked and set to be removed, however it was still in the hijackthis log at restart. In process of scanning C drive, will post when complete. |
spacecad28 (13825) | ||
| 674855 | 2008-06-02 00:31:00 | Ok, you may have a Vundo infection, that's what the file you posted belongs to / installs | Speedy Gonzales (78) | ||
| 674856 | 2008-06-02 03:01:00 | Finished the check and restarted, the file was on the hijack list but listed as no file. Hijack this removed it and I ran a vundo fix program to clean up. No visible problems at this point... will update if it continues to crash. My thanks for your help. Symantec was required when at college and I just never changed after graduation... Any suggestions on your favorite AV program? |
spacecad28 (13825) | ||
| 674857 | 2008-06-02 03:09:00 | Avast if you want something free (avast.com). Although you do have to register it every year (avast.com). And Comodo (in my sig) is a firewall, which is also free. Although for new users it may be a bit hard to configure. |
Speedy Gonzales (78) | ||
| 674858 | 2008-06-02 03:12:00 | Thanks, I'll look into those. | spacecad28 (13825) | ||
| 674859 | 2008-06-02 03:13:00 | No probs, good to hear (hopefully) that it's fixed! | Speedy Gonzales (78) | ||
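
An added example, not part of the thread and not HijackThis's own code: a small Python triage pass over HijackThis log lines that surfaces the kind of entry singled out above (an unnamed BHO whose DLL sits directly in system32) and services reported with "Unknown owner". The two rules and the function names are assumptions made for this illustration; the sample lines are excerpted from the log in the first post.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the log posted in this thread; not a full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3F201040-E21A-4690-A23C-CA791A72B268} - C:\WINDOWS\system32\urqOheBt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def in_system32(path):
    """True when the file sits directly in ...\\system32 (case-insensitive)."""
    return PureWindowsPath(path).parent.name.lower() == "system32"


def triage(log_text):
    """Return (code, reason, path) for entries worth a manual look (example rules)."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m["code"], m["body"]
        if code == "O2" and (b := BHO.match(body)):
            # Assumed rule: BHO with no registered name and a DLL in system32
            if b["name"] == "(no name)" and in_system32(b["path"]):
                findings.append((code, "unnamed BHO in system32", b["path"]))
        elif code == "O23" and (s := SERVICE.match(body)):
            # Assumed rule: service whose owner field reads "Unknown owner"
            if s["owner"].lower() == "unknown owner":
                findings.append((code, "service listed with Unknown owner", s["path"]))
    return findings


if __name__ == "__main__":
    for code, reason, path in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {path}")
```

A hit is a prompt to check the file by hand, not a verdict; a legitimate driver helper can also show up under "Unknown owner".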