Hi, I am a newbie,

my father's computer keeps crashing all the time on him, any help would be greatly appreciated. I have tried running avg through but it of course crashes before it gets to the end.

I have cleaned a lot of unwanted stuff on there but its really annoying him.

sometimes it works fine then others it just freezes for no reason and you cant ctrl alt del like normal freeze you have to just switch off

he always gets internet explorer error message come up when he closes screen down, and also he has a roxio error message all time.

I have managed to get a copy of his hijack log, if someone would be kind enough to take a look
________________________
This user added the following:
________________________
ok I have scanned it and put it in my documents now I cant get it so that I can post it
________________________
This user added the following:
________________________
if anyone could just give me an idea as to why it would crash in the first place and I can go from there

Welcome to the forum Carpwife. Have you tried starting in Safe Mode with networking? Most puters you hold down the F8 key on start up. Starting in safe mode will load the minimum drivers necessary to make it run. Maybe then you can get the highjack file and upload it. How old is the puter, make, model, operating system, etc. If it's more than a year old, have you opened it up and cleaned it? Give us a much info as possible.

__________________
EVGA 650i mobo with Intel e8400 Core 2 Duo
4 gigs OCZ 800 ddr2 ram and 160 gig sata hard drive
EVGA GTS 250 SC - Windows 7 - 64 bit
See my test at http://www.pcpitstop.com/betapit/sec.asp?conid=23014579

Hi, I will get back to you on the make and model, I am going there today, I thought about cleaning it, not sure which bits to take out though to clean, lol

What antivirus/security software are you running on that machine?

__________________
~Ash
Seen a bad post? Report it! Click the triangle in the top right hand corner of the post.
Want to get in touch? Send me a PM

hi he has AVG the free edition, I tried running that through but didnt complete because it crashed at about 80% of doing it,
I did manage to run spybot search and destroy it showed up "virtumonde.SCi- TrojansC I just checked to fix that dont know if that has anything to do with it,
also he keeps getting internet explorer messages, (could I uninstall internet explorer and put on firefox???)

You probably want to remove AVG and install Avast which will be far better at detecting those trojans, especially if Spybot is detecting them.
As for IE, you cannot install it, but we have a page explaining the benefits of Firefox over IE:
Get Firefox

However, complete freezeovers are often a hardware/drivers problem. What version of Windows is it, and has any new hardware been added recently?

__________________
~Ash
Seen a bad post? Report it! Click the triangle in the top right hand corner of the post.
Want to get in touch? Send me a PM

does it mean he has got a virus then, yes he has got new hardware installed, as they set up a wireless connection and he has belkin router (don't quote me on that) its windows xp version

Was it freezing before the installation of the wireless dongle? I once had a Belkin dongle that caused my PC to suffer similar freezing issues, followed by BSOD's after reformatting. Try running without the dongle for a while to see if the PC still freezes.

__________________
~Ash
Seen a bad post? Report it! Click the triangle in the top right hand corner of the post.
Want to get in touch? Send me a PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:56, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA IE.EXE
C:\Documents and Settings\peter\My Documents\Picasa2\PicasaMediaDetector.exe
E:\My Documents\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
E:\My Documents\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\One.Care\bin\mpbtn.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA IE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\peter\My Documents\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DMXLauncher] "E:\My Documents\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\My Documents\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: One.Care.lnk = C:\Program Files\One.Care\bin\matcli.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - E:\My Documents\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - E:\My Documents\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 9238 bytes
________________________
This user added the following:
________________________
have run avast through and got 12 files that said threat name - adware generic all with different letters on the end, dont know what they are if they are harmful

I think this computer has a problem with roxio 9, so I had completely uninstalled the program, it seemed to be ok for about half an hour then kept crashing, for no apparent reason, (didnt get any error messages), I then re-loaded the roxio program and straight away got an internet explorer error message and a runtime roxio message. Now he can't connect to internet, only way is to do a system dianostic then it fixes (whatever) and connects. Its really confusing, PLEASE GIVE ME SOME IDEAS
I have cleaned all the insides and hoovered the fans and all the c***p out.

First I notice you have IE7 which can be uninstalled and you would be left with version 6.
Second you have a lot of programs starting on start up you don't need running. Go to Run and type in msconfig. Turn off (uncheck) QuickTime, Messenger, Roxio, Hijack this, and anything else that is not needed to start. Those progams can be adjusted within the Preferences or Options to not start up. You can still access them using Start, Programs and then whatever you want to use. Having them down in the system tray makes the easily accessible but they are using valuable resources. Also one of them could be causing your problem. Don't forget to do the cleaning.

__________________
EVGA 650i mobo with Intel e8400 Core 2 Duo
4 gigs OCZ 800 ddr2 ram and 160 gig sata hard drive
EVGA GTS 250 SC - Windows 7 - 64 bit
See my test at http://www.pcpitstop.com/betapit/sec.asp?conid=23014579

do you think that there are any nasties lurking in the system,
________________________
This user added the following:
________________________
Also sounding a bit dumb how do I get rid of IE7,

IE7 can be uninstalled using Add/Remove programs. It will probably be listed under Microsoft but I would do the other things in my messege first and how it works out.

Sorry IE7 is listed under Windows Internet Explorer 7 in Add/Remove Programs in XP. I have no experience in hjt logs so I can't help you there.

__________________
EVGA 650i mobo with Intel e8400 Core 2 Duo
4 gigs OCZ 800 ddr2 ram and 160 gig sata hard drive
EVGA GTS 250 SC - Windows 7 - 64 bit
See my test at http://www.pcpitstop.com/betapit/sec.asp?conid=23014579

ok no worries, I will try out what you said first and see if that works, I am doing it on behalf of my step-dad, I am seeing him all next week,

but I was just trying to get as much to work with first, so I had an idea what I was working with,

Okay,

These programs do not need to be run at start up:

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\One.Care\bin\mpbtn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\peter\My Documents\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
E:\My Documents\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\One.Care\bin\mpbtn.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

You should be able to disable all of these using msconfig (Start -> Run -> 'msconfig' )
If not, just say so

And please can you check that this file:
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA IE.EXE
is a real driver that you are using. I think this may be a virus.

If you are still having no luck.. Like Ash said, it may be down to your belkin thing. So I would remove it, and then stop this from running at start up:
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
and if it does work okay, then you know it is something to do with that

I'm far from an expert on Hijack This logs.. But yeah, this is my best oppion on things.

Jam

__________________