  1. #1
    Joined
    May 2007
    Posts
    13

    Help Crashing issues

    An idiot friend of mine was on my PC and disabled a lot of my virus/spyware protection. I use AVG and ran it afterwards and discovered 15 Trojans, which I promptly deleted, and my spyware cleaners found over 30 malwares, which I removed. However, my PC is starting to blue screen now and I can't find the cause anywhere. I can send a logfile of my HijackThis if someone has the knowledge to help. Also, I have noticed in my regcleaner a new startup command, KernelFaultCheck. Can anyone enlighten me as to what that is for? Any help would be most appreciated.

  2. #2
    Joined
    May 2007
    Posts
    13

    Re: Help Crashing issues

    I just noticed as I ran TrojanHunter that I had some Win32 Not enough storage errors.

  3. #3
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,221

    Re: Help Crashing issues

    It might be an idea for you to start with your HJT log file and we'll go through that.

    I'd suggest trying a few different scanners too. There are some good suggestions in the Spyware Trojans and Viruses Sticky Post. Best to do them in Safe Mode.

    KernelFaultCheck basically pops up when you have a BSOD crash. It's a system process and is safe to remove from the startup list.

    Oh, and welcome to PCPer forums

  4. #4
    Joined
    May 2007
    Posts
    13

    Re: Help Crashing issues

    Thanks for the welcome. My buddy sent me here when he couldn't help; told me you guys knew just about everything lol. The Win32 errors are starting to scare me, not sure why they are happening. And I noticed on my last blue screen there was a pagefault error. I have already run MemTest and my RAM tested fine, so I am fairly certain it's not my RAM causing this. Anywho, here is my HJT logfile.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:24:16 PM, on 5/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wscntfy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.narutofan.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R3 - URLSearchHook: (no name) - _{23678321-8BD2-4E72-DAD3-BC1FB5A11094} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb11\Ofb11.dll (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136691232296
    O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/s...soesysinfo.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13B6D603-5CB0-4CC6-B2AE-0773DEF1E2D6}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0121DBD-4BF8-4A30-8EAF-87FC845A1922}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DECCF2C4-9242-4A80-80F5-587F6AE1FD24}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2055AF8-4962-42A6-A1EA-7779E93A04E9}: NameServer = 194.54.90.226
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  5. #5
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Help Crashing issues

    Quote: Originally Posted by Chaosbreaker31
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13B6D603-5CB0-4CC6-B2AE-0773DEF1E2D6}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0121DBD-4BF8-4A30-8EAF-87FC845A1922}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DECCF2C4-9242-4A80-80F5-587F6AE1FD24}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2055AF8-4962-42A6-A1EA-7779E93A04E9}: NameServer = 194.54.90.226
    ^^ Please delete these entries.

    ----------------------

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    Next, please locate this file (C:\WINDOWS\system32\perfc000.dat) and upload it to www.virustotal.com to be scanned. If any of the antivirus programs detect it as suspicious or a virus, please also delete it and remove the entry from HiJackThis.

    ----------------------

    Finally, please go to Add/Remove programs in Control Panel and uninstall all old versions of SUN's Java JRE. Then, go to SUN's website and download the latest version. You must keep Java JRE plugins updated as many websites exploit vulnerabilities in older versions.
    Last edited by Ned Slider; 05-11-2007 at 01:41 PM.

    ~ Want to try Linux - check out the PC Perspective Linux FAQ ~
    ~ Please take some time to read the Forum Rules ~
    ~ Feed the spamb0tz, don't mail me here: B7Trz4568254@nirvana.admins.ws ~


  6. #6
    Joined
    Oct 2003
    Location
    Midwest
    Age
    57
    Posts
    1,207

    Re: Help Crashing issues

    You can paste it into here to get you started:

    http://www.hijackthis.de/

    Looks like at least 2 nasties...


    EDIT:

    Ned beat me.....


    Also to check if you have the latest versions of your apps you can run this, very handy...

    http://secunia.com/software_inspector/
    Last edited by Stevea; 05-11-2007 at 01:45 PM.

  7. #7
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Help Crashing issues

    Oops - missed one - this one needs to go too. Make sure the file (C:\WINDOWS\svchost.exe) is really gone.

    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

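Added example, not part of the original posts: a small Python triage pass over HijackThis log text that flags the kinds of entries singled out in the replies above (O17 NameServer overrides, a populated O20 AppInit_DLLs value, an O23 service whose image uses a core process name outside system32, and targets marked missing). The function name `triage`, the `expected_dns` allowlist and the `CORE_NAMES` set are assumptions made for this illustration; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{13B6D603-5CB0-4CC6-B2AE-0773DEF1E2D6}: NameServer = 194.54.90.226
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Assumption: a short list of core process names that belong in system32.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}


def triage(log_text, expected_dns=frozenset()):
    """Return (section, reason, line) tuples for entries that need a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        section, body = m.groups()
        line = raw.strip()
        if section == "O17" and "NameServer = " in body:
            # Static DNS override: compare against resolvers the owner expects.
            servers = re.split(r"[ ,]+", body.split("NameServer = ", 1)[1].strip())
            unknown = [s for s in servers if s not in expected_dns]
            if unknown:
                findings.append((section, "unexpected DNS " + ",".join(unknown), line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Anything listed here is loaded into every process that loads user32.dll.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append((section, "AppInit_DLLs loads " + value, line))
        elif section == "O23":
            # The last " - " field is the service image path.
            path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            name = ntpath.basename(path).lower()
            if name in CORE_NAMES and not ntpath.dirname(path).lower().endswith("\\system32"):
                findings.append((section, name + " outside system32", line))
        if "(file missing)" in body or "(no file)" in body:
            findings.append((section, "target file missing", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

The KernelFaultCheck O4 line produces no finding, and passing the machine's real resolvers as `expected_dns` silences O17 entries that are legitimate.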


  8. #8
    Joined
    May 2007
    Posts
    13

    Re: Help Crashing issues

    Thanks so much guys, trying to take care of everything. I ran the software check and a lot of my Flashplayer and Java is outdated and still present, however it doesn't show up on my Add/Remove. How do I remove the older versions?

  9. #9
    Joined
    May 2007
    Posts
    13

    Re: Help Crashing issues

    I tried fixing it but it still shows up when I rescan.

  10. #10
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Help Crashing issues

    Have a look and see if the folder is still there and just delete it if it is. The scan may be showing up orphaned registry entries.



  11. #11
    Joined
    May 2007
    Posts
    13

    Re: Help Crashing issues

    I checked for the folder and couldn't find it so should I assume it's gone? Also I crashed again trying to update software. Any info you can give me with the Win32 Storage errors?

  12. #12
    Joined
    May 2007
    Posts
    13

    Re: Help Crashing issues

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    Ok, this is a Trojan Generator. Now my AVG keeps picking it up and I keep deleting it and it keeps coming back. I tried deleting it through HJT and I got an error. So I think this might be a big part of my problem. Any advice?

  13. #13
    Joined
    May 2007
    Posts
    13

    Re: Help Crashing issues

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    I found the file in my Windows folder and I deleted it manually. As soon as it was deleted it came back, so there must be an exe reproducing it, but I can't find it.

  14. #14
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Help Crashing issues

    Quote: Originally Posted by Chaosbreaker31
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    I found the file in my Windows folder and I deleted it manually. As soon as it was deleted it came back, so there must be an exe reproducing it, but I can't find it.

    A colleague of mine is playing with this infection at the moment. Apparently it regenerates itself if deleted and the corresponding registry entry removed. Hang with me if you will and I'll get you detailed instructions on how to permanently remove it.



  15. #15
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Help Crashing issues

    OK, let's give this a try. Copy and paste the following code into a text file (notepad) and save it as deleteonreboot.reg

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\*\shell\Delete on reboot\command]
    @="CMD /E:OFF /C REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Currentversion\\RunOnce /v \"Del %1 OnNextReboot\" /d ^\"cmd.exe /c DEL /F /Q \\\"%1\\\"\" /f\""
    
    [HKEY_CLASSES_ROOT\*\shell\Open]
    
    [HKEY_CLASSES_ROOT\Folder\shell\Delete on reboot\command]
    @="CMD /E:OFF /C REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Currentversion\\RunOnce /v \"Del %1 OnNextReboot\" /d ^\"cmd.exe /c RD /S /Q \\\"%1\\\"\" /f\""
    Then double click the reg file to run it and accept when it asks you to confirm you want it added to the registry. This will add a Right Click menu option to "Delete on reboot".

    Now go and select the file in Explorer, Right Click on it and select "Delete on reboot". Now reboot your computer and then check to see if the file is gone. Then run HiJackThis and check that the entry is also gone.


