Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 9.3.2025 / 23:18
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my computer is freezing up about 4 times a day
Show topics
 
Forums
Forums
My computer is freezing up about 4 times a day
  Jump to:
 
Posted Message
zack4290
Newbie
_ 		12. February 2008 @ 20:20 _ Link to this message    Send private message to this user   
Please someone help me my computer is freezing up and I got the blue screed of death 2 times now physical mem dump, i did a system restore to get it back but its still freezing ran avast found a few things also ran adaware,
here is my hijack log if someone can help that would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:46 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Z&R\LOCALS~1\Temp\ir_ext_temp_32\autorun.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Z&R\LOCALS~1\Temp\Rar$EX00.281\memtest.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Z&R\Desktop\Windows-KB890830-V1.38.exe
c:\1583599702ba8de3fb3da165eb74\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5E042651-BD9D-EB61-ECE9-C76E8B9DC8B8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {3506626b-6f26-a53b-0f74-bc2afcc2364a} - {a4632ccf-a2cb-47f0-b35a-62f6b6266053} - (no file)
O2 - BHO: (no name) - {E60578D0-14EF-4891-8B70-FFD46123F38E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 4483 bytes
[ + quote]
Advertisement
_ 		__
QuikDraw
Senior Member
_ 		13. February 2008 @ 00:12 _ Link to this message    Send private message to this user   
Your computer is infected with this nasty worm. http://www.sophos.com/security/analyses/w32rbotsg.html
May be a good idea to reformat/reinstall windows.

[ + quote]
zack4290
Newbie
_ 		13. February 2008 @ 11:35 _ Link to this message    Send private message to this user   
oh man how do i reformat windows i dont have a copy to reinstall thanks for the response
[ + quote]
QuikDraw
Senior Member
_ 		13. February 2008 @ 13:13 _ Link to this message    Send private message to this user   
Post a new thread in Windows-General Discussion forum. Title it, need help with reinstalling WinXP. The guys over there are the pro's at installing operating systems. We mainly deal with virus removal here in this forum. Good luck!

QuikDraw
[ + quote]

This message has been edited since posting. Last time this message was edited on 13. February 2008 @ 13:14
zack4290
Newbie
_ 		13. February 2008 @ 14:40 _ Link to this message    Send private message to this user   
do you think that reformating will get rid of it?
[ + quote]
QuikDraw
Senior Member
_ 		13. February 2008 @ 17:24 _ Link to this message    Send private message to this user   
Absolutely!
[ + quote]
zack4290
Newbie
_ 		13. February 2008 @ 17:37 _ Link to this message    Send private message to this user   
dang they said i would need my recovery disc and i dont have them any more bummer, i did a search at trend micro and it gave me some results on the virus so im going try them, do you know any antivirus program that would take care of it?
[ + quote]
goodswipe
Suspended permanently
_ 		13. February 2008 @ 17:43 _ Link to this message    Send private message to this user   
Originally posted by zack4290:
 do you think that reformating will get rid of it?
Unless it's memory resident or has corrupted your hard drive. ;)
[ + quote]
QuikDraw
Senior Member
_ 		13. February 2008 @ 18:04 _ Link to this message    Send private message to this user   
OK, I understand. Let's try to remove this worm, the trojans, and other infections on your HDD. First, run this online scanner. http://forums.majorgeeks.com/showthread.php?t=149856
Make sure you turn off all real time protection while running the scanner. As it may interfere with the scan.
[ + quote]

This message has been edited since posting. Last time this message was edited on 13. February 2008 @ 18:12
zack4290
Newbie
_ 		13. February 2008 @ 18:09 _ Link to this message    Send private message to this user   
goodswipe do you know any way of removing the virus? or any good antivirus to try?
[ + quote]
zack4290
Newbie
_ 		13. February 2008 @ 20:11 _ Link to this message    Send private message to this user   
thanks QuikDraw ill try that scan when i get home tonight i also came across and article on trend miro's web site http://www.trendmicro.com/vinfo/virusenc...%2EAAS&VSect=Sn im going to try that as will
[ + quote]
zack4290
Newbie
_ 		14. February 2008 @ 00:44 _ Link to this message    Send private message to this user   
so i got home and tryed this http://www.raymond.cc/forum/viewtopic.php?id=1543&action=new
then installed trend micro pro 2008 and ran a scan then one in safe mode and it found and removed about 8 viruses so here is my new log
if you will check it over agian that would be great

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:16 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5E042651-BD9D-EB61-ECE9-C76E8B9DC8B8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {3506626b-6f26-a53b-0f74-bc2afcc2364a} - {a4632ccf-a2cb-47f0-b35a-62f6b6266053} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {E60578D0-14EF-4891-8B70-FFD46123F38E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 4902 bytes
[ + quote]
QuikDraw
Senior Member
_ 		14. February 2008 @ 11:53 _ Link to this message    Send private message to this user   
Reboot into safe mode. Open HJK. Place a tick against each of the and following entries. Click, fix checked. Reboot normal. Run a HJK scan, check to see if the entries were removed. At this time, no need to post another HJK log. Just let me know if these entries were fixed or not.

O2 - BHO: (no name) - {5E042651-BD9D-EB61-ECE9-C76E8B9DC8B8} - (no file)

O2 - BHO: {3506626b-6f26-a53b-0f74-bc2afcc2364a} - {a4632ccf-a2cb-47f0-b35a-62f6b6266053} - (no file)

O2 - BHO: (no name) - {E60578D0-14EF-4891-8B70-FFD46123F38E} - (no file)

Are you running in selective startup?
[ + quote]

This message has been edited since posting. Last time this message was edited on 14. February 2008 @ 11:57
zack4290
Newbie
_ 		14. February 2008 @ 13:08 _ Link to this message    Send private message to this user   
ok so i ran in safe mode then check and files are gone, and i am useing selective start up
[ + quote]
QuikDraw
Senior Member
_ 		14. February 2008 @ 13:26 _ Link to this message    Send private message to this user   
Since most of your startups were missing I assumed this was the reason. OK, your log is clean.
[ + quote]
zack4290
Newbie
_ 		14. February 2008 @ 14:07 _ Link to this message    Send private message to this user   
ok great thanks for all your help man
[ + quote]
Advertisement
_ 		__
 
_
QuikDraw
Senior Member
_ 		14. February 2008 @ 14:09 _ Link to this message    Send private message to this user   
take care...
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my computer is freezing up about 4 times a day
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork