Solved

Windows Crash every two hours

Posted on 2006-11-06
Last Modified: 2012-06-21
A couple of weeks ago my XP commenced crashing, no notice, just boom, reset. At first I thought it might be a memory issue but I have XP on another partition and it does not suffer from the same problems, so it must be software related.

The event viewer makes some reference to the side by side error Resolve Partial Assembly failed for Microsoft.VC80.CRT. This occurs roughly every two hours.

PC has been scanned for Spyware and Viruses, so I can only assume that maybe a trojan or something is trying to access the outside periodically and failing, forcing the reboot.

Any ideas? It is starting to get a bit annoying and I refuse to reinstall XP.

Question by:OZSJ
25 Comments
 
LVL 30

Accepted Solution

by:
irwinpks earned 200 total points
ID: 17887000
Reinstalling XP is always the safest and QUICKEST bet.

However, should you want to troubleshoot...

Download and install this
http://www.majorgeeks.com/HijackThis_d3155.html

Then copy the log and paste it in the analyzer
http://www.hijackthis.de/

Analyze the file and POST THE LINK here so that we can take a look at it..

In the meantime, there are several things to apply:

Go to MSCONFIG: START-RUN-type MSCONFIG <enter>, then locate any programs you recognize that you can turn off. Note your changes as you may need to re-enter them. Restart your machine.
---------------
Download Ewido, http://www.ewido.net/en/download/, install, open program, check for updates, restart computer, press F8 before the Windows logo appears, select safe mode, open Ewido, run full system scan. Let Ewido delete all it finds. If anything is called serious by Ewido, disable Norton's GoBack, and run Ewido again.
---------------
chkdsk /r
--------------
Windows Update everything except .NET items
0
 
LVL 15

Assisted Solution

by:venom96737
venom96737 earned 25 total points
ID: 17887006
Install .NET Framework 2.0; that should resolve the error. Are you running SQL 2005 on this machine?
0
 

Author Comment

by:OZSJ
ID: 17887207
Thanks, I forgot about HijackThis. Otherwise I have run all the other useful spyware scans and had already removed everything I didn't need from msconfig.
I will give .NET Framework 2 a try. No SQL 2005, although at some stage I did have SQL 2000 running on it.

I will post comments after scans, and then two hours later.
0
 

Author Comment

by:OZSJ
ID: 17887256
Hmm, here you go. I have a lot of services, maybe it is time to clean up a bit.

One thing that stands out is the multiple instances of AVG. Maybe something went wrong with the install. I did start to notice these problems sometime after I removed McAfee, which I had for years. Perhaps it released some stuff back into the wild as punishment.

Logfile of HijackThis v1.99.1
Scan saved at 5:24:28 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VMSnap326.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Jetico\BestCrypt\BCResident.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\avgagent.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\Program Files\LogMeIn Backup\BackupMaint.exe
C:\WINDOWS\System32\cqginsts.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Prism Microsystems\EventTracker\SrvShell.Exe
C:\Program Files\Prism Microsystems\EventTracker\evtarmgr.Exe
C:\Program Files\Prism Microsystems\EventTracker\evtmgr.exe
C:\Program Files\Prism Microsystems\EventTracker\Agent\etagent.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\LogMeIn Backup\LogMeInBackupService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\OPENXTRA\Common\Tools\srvstart.exe
C:\Program Files\SugarCRM\oss\mysql\bin\mysqld-opt.exe
c:\Perl\5.8.3\bin\MSWin32-x86-multi-thread\wperl.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Steve Jansen\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe FlexiCAM USB 2.0 with sound
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe FlexiCAM USB 2.0 with sound
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: BIGDOGPATH326.lnk = C:\WINDOWS\VMSnap326.exe
O4 - Global Startup: Domino.lnk = C:\WINDOWS\Domino.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add Auction Item - Bayside Sniper - res://C:\WINDOWS\BSIIMenuExt.dll/IECONTEXT_HANDLER.HTM
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/AU/install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158815842015
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B58FB3F-C596-45D4-AFF0-136FE89C8CC1}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FFB1852-6DD7-45C0-A636-4E5733245AD4}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FFB1852-6DD7-45C0-A636-4E5733245AD4}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0110BEB-26AE-4973-8DA9-73B072952A52}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4942836C-A39F-4812-9D33-398B5715BE9A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: hplun.dll A 1 C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: AVG7 TCP Server (AVGTCPSv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
O23 - Service: ActiveXperts Network Monitor (AxsNmSvc) - Unknown owner - C:\Program Files\ActiveXperts\Network Monitor\Server\AxsNmSvc.exe
O23 - Service: LogMeIn Backup Maintenance Service (BackupMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\BackupMaint.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: CQG Installation Service (CQGInstS) - CQG, Inc. - C:\WINDOWS\System32\cqginsts.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ETReceiver - Prism Microsystems, inc - C:\Program Files\Prism Microsystems\EventTracker\SrvShell.Exe
O23 - Service: Event Archiver - Prism Microsystems, Inc. - C:\Program Files\Prism Microsystems\EventTracker\evtarmgr.Exe
O23 - Service: EventTracker Agent - Prism Microsystems, Inc. - C:\Program Files\Prism Microsystems\EventTracker\Agent\etagent.exe
O23 - Service: fixtgw - Unknown owner - C:\PROGRA~1\PATSYS~2\fixtgw\bin\fixtgw.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: LogMeIn Backup VSS Service (LMIBackupVSSService.exe) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: LogMeIn Backup Storage PC Service (LogMeInBackupService.exe) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\LogMeInBackupService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MRTG - Unknown owner - C:\Program Files\OPENXTRA\Common\Tools\srvstart.exe" svc MRTG -c "C:\Program Files\OPENXTRA\\mrtg_control.ini (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Client - EMC Dantz - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Client\rthlpsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Access Remote PC Service 4.4 (RpcSvr4x) - www.access-remote-pc.com - C:\Program Files\Access Remote PC 4\rpcsetup.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: Windows Network Status Reporting Tool (WNSRTOOL) - Unknown owner - C:\Program Files\WNSRTool\wnsrtool.exe

0
 
LVL 30

Expert Comment

by:irwinpks
ID: 17887311
http://www.hijackthis.de/logfiles/4e98be2c94fcae98956c7396b46f9874.html

You got tons of nasties and unknowns... fix these entries... and run HijackThis again.... Instead of posting the log here... run the analyzer yourself, and take it from there.
0
 

Author Comment

by:OZSJ
ID: 17887376
Yeah, I had a look. Plenty of unknowns. But what are the nasties you are referring to?
0
 

Author Comment

by:OZSJ
ID: 17887381
Most of the unknowns are in fact ok. From what I can see most of the nasties are Logitech which is also ok.
0
 
LVL 30

Expert Comment

by:irwinpks
ID: 17887390
Possibly nasties need to be looked at too... From what I see, you have a whole bunch of them starting up.
0
 

Author Comment

by:OZSJ
ID: 17887404
Hmm, it is a complete mess as I trial lots of software on this PC, which is always a bit dangerous. But my scans with Spybot, Adaware, Ewido and Roguescanfix have found nothing.

I use this PC for work from home and obviously do not want it to have some sort of key logger.

I have just run the scan again and the only nasties are BigPond, which is an ISP, and the Logitech references. Not sure why Logitech Desktop Manager should be viewed as so harmful.
0
 
LVL 30

Expert Comment

by:irwinpks
ID: 17887410
Time to get rid of that trial software that you are not using.
0
 
LVL 20

Assisted Solution

by:cpc2004
cpc2004 earned 125 total points
ID: 17887548
Hi,
The crash may be caused by faulty RAM or a device driver error (i.e. video, sound card, modem, etc.). The system event log and the minidump have the most useful diagnostic information. When Windows crashes with a blue screen, it writes a system event 1001 or 1003 and a minidump to the folder \windows\minidump. Check system events 1001 and 1003; they have the details of the blue screen.

Event ID: 1001
Source: Save Dump
Description:
The computer has rebooted from a bugcheck.The bugcheck was : 0xc000000a (0xe1270188, 0x00000002, 0x00000000, 0x804032100).
Microsoft Windows..... A dump was saved in: .......

Event Source: System Error
Event Category: (102)
Event ID: 1003
Description:
Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000

Control Panel -> Administrative Tools -> Event Viewer -> System -> Event 1001/1003. Copy the content and paste it back here.

Zip 5 to 6 minidumps to a zip file and attach it at any webspace. I will study the dump and find out the culprit. If you can't provide the minidumps, run memtest to stress test the RAM. Make sure that your Windows is not infected with spyware or adware, and run chkdsk /r.
http://www.memtest86.com/.

Get public webspace
Use a free service like rapidshare to attach the minidumps and post the URL of the minidumps in this thread.
http://www.rapidshare.de/
0
 

Author Comment

by:OZSJ
ID: 17887618
Thanks for the post. No Event 1003 or 1003 in the system log.

I too was convinced something is wrong with the memory, but then the other OS would crash. No changes recently to video or sound drivers so they can be eliminated.

Anyway, it occurs like clockwork every couple of hours and we are approaching that point in the next half hour or so. I have completed every other scan I know, from chkdsk and defrag to spyware scans and virus scans. I guess if it crashes again I will log into the other OS and do a complete virus scan from there. I even reinstalled the latest ZoneAlarm and had it ask for every single program to access the internet. Nothing unusual requested access.

You never know, maybe the net framework install will have fixed the issue.

If not, then maybe time for a new dual core and I will use this as a low end media server.


0

 
LVL 15

Assisted Solution

by:qz8dsw
qz8dsw earned 125 total points
ID: 17887624
Looking at this I don't like the obvious repeating of the O18's.
The file they are actually pointing to is the exact same.
The o4's make me shudder.
BigDogpath326

I can find neither reference to the exe or registry entry from my quick search.
That makes me look at the whole thing.
I totally agree with irwinpks, GET rid of whatever trialware, shareware and whatever else you don't use.
There's SO much to clean from this for a work PC working from home.

Here's my list of what I'd get rid of. (I'll leave out the O18's cos the list is just too big there)
Just assume ALL O18's are ticked/checked.

This contains A LOT of unknowns but a lot of filenames that are just too repetitive for my liking.
YOU have to think about what I recommend and figure out "do I use that for work?"
When you're reading this, LOOK at the directory names of the files.
Example.
Does your work use GetRight?
If your work does then O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll probably should not be taken out.
The GetRight is after the c:\Program Files

You're also running AVG and McAfee. I'd suggest using the company standard on this machine if it is a company paid for machine.
This WHOLE LOG should be given to your IT/Tech dept to be honest.
They know what will break from removing something better than I do or any expert here and they know what is used.

In saying that, here's my list of what I'd remove first off. Use it at your own risk.

I've totally ignored the O23's as your work's tech dept can sort that out better than I and removing trial software will affect the list that's there.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe FlexiCAM USB 2.0 with sound
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe FlexiCAM USB 2.0 with sound
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: BIGDOGPATH326.lnk = C:\WINDOWS\VMSnap326.exe
O4 - Global Startup: Domino.lnk = C:\WINDOWS\Domino.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add Auction Item - Bayside Sniper - res://C:\WINDOWS\BSIIMenuExt.dll/IECONTEXT_HANDLER.HTM
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/RescueControl.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O20 - AppInit_DLLs: hplun.dll A 1 C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
0
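The checks suggested in the comment above (look at the directory each entry runs from, look for the same file referenced repeatedly, look at unknown or missing services) can be run mechanically over a HijackThis log. This is an added example, not part of the thread or of HijackThis; the flag names, the choice of heuristics and the hard-coded `C:\WINDOWS` root are assumptions of the example, and the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re
from collections import Counter

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe FlexiCAM USB 2.0 with sound
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Global Startup: BIGDOGPATH326.lnk = C:\WINDOWS\VMSnap326.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
"""

# "O4 - rest", "O23 - rest", "R1 - rest" ...
ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")
# First drive-letter or %VAR% path that ends in .exe or .dll.
PATH = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"<>|*?\n]*?\.(?:exe|dll)\b', re.I)
WINDOWS_ROOT = r"c:\windows"  # assumption: default install location, as in this log


def parse(log_text):
    """Split a HijackThis log into (section, text, target path) entries."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        hit = PATH.search(text)
        entries.append({"section": section, "text": text,
                        "path": hit.group(0) if hit else None})
    return entries


def triage(log_text):
    """Return (section, path, flags) for every entry worth a manual look."""
    entries = parse(log_text)
    # How often each file is referenced within one section (O4, O18, ...).
    seen = Counter((e["section"], e["path"].lower())
                   for e in entries if e["path"])
    findings = []
    for e in entries:
        flags = set()
        if " - Unknown owner - " in e["text"]:
            flags.add("unknown-owner")
        if e["text"].rstrip().endswith("(file missing)"):
            flags.add("file-missing")
        if e["path"]:
            if seen[(e["section"], e["path"].lower())] > 1:
                flags.add("duplicate-target")
            # Autostart binary sitting directly in the Windows folder.
            in_root = ntpath.dirname(e["path"]).lower() == WINDOWS_ROOT
            if e["section"] == "O4" and in_root:
                flags.add("runs-from-windows-root")
        if flags:
            findings.append((e["section"], e["path"], sorted(flags)))
    return findings


if __name__ == "__main__":
    for section, path, flags in triage(SAMPLE_LOG):
        print(f"{section:4} {path}  ->  {', '.join(flags)}")
```

A flag here only marks an entry for manual review; it says nothing about whether the file is malicious.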
 

Author Comment

by:OZSJ
ID: 17887777
Thanks,

I don't like the BigDogpath326 and will explore this further. I also removed the Trojan scan reference.

I only downloaded Getright last night to get a big file. It is harmless.
I must be getting familiar with my PC, because I can recognize almost everything in your list here and they are just fine. Almost all are legitimate applications.

Of more concern is the fact that a few people in this forum have analysed the log and expressed concern. I don't know if this is because you do not recognize many of the programs... no doubt you know more about this than me so I guess maybe I should put forward my Core2 upgrade.

I meant to say that this is a home PC, but I will increasingly do some work from it.

Amazingly enough, still no crash. If I make it through the next hour then everything appears ok. (at least for system stability)
0
 
LVL 15

Expert Comment

by:qz8dsw
ID: 17888044
Glad you're getting to know your PC and application names.
Personal perspective: the recurring O18's NEED to be addressed.
It depends on your version of GetRight as to whether or not it's clean.
Some versions did indeed contain spyware and malware.

We all expressed concern because I think we all see the same thing.   (Others correct me if I'm wrong here)
I know a lot of the programs listed, some I don't; generally I'll go to the effort to google and search in depth each reg entry and program name to be sure.
Tonight I did not have that time, hence my seeming to repeat the warning about removing what I suggested.

With my recommendations I tried to take out a few of the unknowns, a bit of the well it just does not need to load as I passed through it without breaking your connection to work.
It was nowhere near definitive, nor taking into account your own home situation.  (I did think work PC)
You, like I, use the home PC more and more for work. My work insists on any PC accessing the work network..... must use this and that.  (For Anti-Virus and firewall in my case). I suggest you still stick with that.  Work hopefully would pay for signature updates if that's the case.   If not then just run one and use it. Not 2.

Glad to see it would seem de-installing some stuff might have made it more stable.
Hope it continues.

Terry

0
 
LVL 12

Assisted Solution

by:WallD
WallD earned 25 total points
ID: 17888285
For what it is worth, you have a lot of things that start up automatically, and I wonder if they all actually need to be running at startup; they are all going to cause an overhead on the system before you use the machine.

You don't necessarily need them to run at startup, therefore you don't have to uninstall the app, just prevent it from starting at startup.

To disable them from startup go Start > Run > msconfig > select the Startup tab and disable those apps that you don't use every day, like web cam maybe or Skype etc. This should also help the machine start up quicker, and provide less of an overhead.

David
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 17894827
Hi,

Do you find any minidumps at the folder \windows\minidump? If no minidumps and system event 1001,  it is hardware error. Probably it is faulty PSU or RAM.

cpc2004
0
 

Author Comment

by:OZSJ
ID: 17895514
Memory tested ok. I have reduced the cause to one of two events, either overheating inside the PC or SKype (including the USB camera) which I recently upgraded for video calls.

CPU FAN: I have a Zalman (flower type) cooler with a large Panaflo fan cooling the heatsink. I have increased the speed on this fan from its slowest near silent setting.

SKYPE: Removed the Video cam and shutdown Skype. I tried to send two sms messages today through skype and the PC just spontaneously restarted, same as before.

The PC has been stable for 5 hours now. I have just restarted Skype so if it crashes in the next couple of hours we will know the cause.

0
 

Author Comment

by:OZSJ
ID: 17895517
There is a single minidump in that folder from 10am this morning when it last crashed.
How do I open this?
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 17895909
Hi,

Attach the minidump at http://www.rapidshare.de/. If you want to format the minidump, you have to install the Windows debug utility (i.e. WinDbg).

cpc2004
0
 

Author Comment

by:OZSJ
ID: 17895965
Here is the mini dump.

However, the system has now been online for the entire day and is looking good. I am tempted to create another partition and reinstall XP for a slow migration, although not sure if Windows will dual boot 3 XP OS?

Skype definitely caused the crashes this morning, but maybe the other issues were heat related. It is a shame because I like my silent PC to be silent.

Microsoft (R) Windows Debugger  Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini110806-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Nov  7 20:25:47.031 2006 (GMT+11)
System Uptime: 0 days 2:28:42.610
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
*                                                                   *
* The Symbol Path can be set by:                                    *
*   using the _NT_SYMBOL_PATH environment variable.                 *
*   using the -y <symbol_path> argument when starting the debugger. *
*   using .sympath and .sympath+                                    *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.........................................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................
Unable to load image vsdatant.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {1c70253, 2, 0, aaed31d6}

ANALYSIS: Kernel with unknown size. Will force reload symbols with known size.
ANALYSIS: Force reload command: .reload /f ntoskrnl.exe=FFFFFFFF804D7000,213F80,42250FF9
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : vsdatant.sys ( vsdatant+201d6 )

Followup: MachineOwner
---------



0
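The Event 1001/1003 text quoted earlier in the thread and the WinDbg summary in the post above carry the same fields: a stop code, four parameters and, in the debugger output, the driver blamed. This added example (not from the thread) pulls them out of all three formats; the sample strings are copied from this page, and masking the leading 0x10000000 bit to get the base stop code is an assumption of the example.

```python
import re

# Codes in this thread (1000007f, 100000D1) carry a high 0x10000000 bit.
# Masking it off to get the base stop code is this example's assumption.
FLAG = 0x10000000

STOP_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7F: "UNEXPECTED_KERNEL_MODE_TRAP",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

PATTERNS = [
    # Event 1001 (Save Dump): "The bugcheck was : 0x.. (0x.., 0x.., 0x.., 0x..)"
    re.compile(r"bugcheck was\s*:\s*(?P<code>0x[0-9a-f]+)\s*\((?P<args>[^)]*)\)", re.I),
    # Event 1003 (System Error): "Error code .., parameter1 .., ... parameter4 .."
    re.compile(r"Error code (?P<code>[0-9a-f]+)"
               r"(?P<args>(?:,\s*parameter\d [0-9a-f]+){4})", re.I),
    # WinDbg summary line: "BugCheck 100000D1, {a, b, c, d}"
    re.compile(r"BugCheck (?P<code>[0-9a-f]+), \{(?P<args>[^}]*)\}", re.I),
]
CULPRIT = re.compile(r"Probably caused by : (\S+) \( \w+\+([0-9a-f]+) \)", re.I)

# Samples copied from this thread.
EVENT_1001 = ("The computer has rebooted from a bugcheck.The bugcheck was : "
              "0xc000000a (0xe1270188, 0x00000002, 0x00000000, 0x804032100).")
EVENT_1003 = ("Error code 1000007f, parameter1 0000000d, parameter2 00000000, "
              "parameter3 00000000, parameter4 00000000")
WINDBG_SUMMARY = """BugCheck 100000D1, {1c70253, 2, 0, aaed31d6}
Probably caused by : vsdatant.sys ( vsdatant+201d6 )"""


def parse_bugcheck(text):
    """Return code, base code, name and parameters, or None if no match."""
    for pattern in PATTERNS:
        m = pattern.search(text)
        if not m:
            continue
        code = int(m.group("code"), 16)
        # Each token is "0x...", "parameterN ..." or a bare hex value.
        params = [int(tok.split()[-1], 16)
                  for tok in m.group("args").split(",") if tok.strip()]
        base = code & ~FLAG
        return {"code": code, "base": base,
                "name": STOP_NAMES.get(base, "UNKNOWN"), "params": params}
    return None


def faulting_driver(text, bugcheck):
    """Module blamed by WinDbg; for 0xD1 also decode the four parameters."""
    m = CULPRIT.search(text)
    if not m:
        return None
    info = {"module": m.group(1), "offset": int(m.group(2), 16)}
    if bugcheck and bugcheck["base"] == 0xD1 and len(bugcheck["params"]) == 4:
        referenced, irql, access, instruction = bugcheck["params"]
        info.update(
            referenced=referenced,
            irql=irql,
            access={0: "read", 1: "write"}.get(access, "other"),
            # Instruction address minus module offset = driver load address.
            load_address=instruction - info["offset"],
        )
    return info


if __name__ == "__main__":
    bc = parse_bugcheck(WINDBG_SUMMARY)
    print(bc["name"], [hex(p) for p in bc["params"]])
    print(faulting_driver(WINDBG_SUMMARY, bc))
```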
 

Author Comment

by:OZSJ
ID: 17896002
Thanks everyone. I think the PC is ok now.
0
 
LVL 15

Expert Comment

by:qz8dsw
ID: 17896137
Thanks for the assisted Ozsj,
Good to hear your machine is stable.
0
 
LVL 12

Expert Comment

by:WallD
ID: 17896287
Many thanks David
0
 
LVL 30

Expert Comment

by:irwinpks
ID: 17900409
Cool. thank you!
0
