
I was in the middle of a post when (surprise) my computer restarted on me.

So here's the quick and dirty version.

My computer runs completely fine when it's used for everyday things. But once I start to run (or so it seems) system type programs, my computer bluescreens and restarts. I'm running XP Pro (all patched), McAfee Professional (all updated) and SpyBot (immunized).

It runs fine until I try to run things that are "system" programs. I try to run things like Virus Scanners, Defrags, Spyware detectors, Registry cleaners, and various other programs of this nature and my computer just blue screens and restarts. It then runs fine until I try and go at it again with the system programs. I've gotten nowhere with this problem and I'm looking at a format, but that's time consuming and I'm reluctant cuz my computer still technically runs.

Please help me if you can!

I've run Hijack This and here's the log:
----------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 8:27:27 PM, on 3/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\Daemon\daemon.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
F:\Clockx\ClocX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\iTunes\iTunesHelper.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\AIM\aim.exe
C:\Documents and Settings\William K. Yam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SpyBot\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ClocX] F:\Clockx\ClocX.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] F:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TrojanScanner] F:\SpyWare Utilities\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: Stardock ObjectDock.lnk = F:\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37975.4252314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
---------------------------------------


Hi. First you need to get HijackThis into its own folder or it will not create back-ups.
Rescan & get HJT to fix these entries:

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
This is related to WildTangent.

Apart from that I can't see anything.

If you want to stay as free of bugs as you can,
download & install Adaware, update it & in settings make sure to tick: scan within archives, deep scan registry & then in 'Tweak' tick automatically try to unregister objects prior to deletion. Run the scan & place a check next to everything it finds & remove them.
Download Spybot S & D, update & run it. Remove everything it finds. Within this program there is an option to 'immunise'. Do this. There is also a link to SpywareBlaster, follow the link, download & install it, then update it. This program runs in the background to keep those little bugs out.
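
The entry singled out above is an O4 (autostart) line from the posted HijackThis log. As an added example that is not part of the original thread, the following parses O4 lines into source, name, executable and arguments and buckets each executable by location for manual review. The function names, bucket labels and the assumption that C: is the system drive are illustrative; a bucket is a triage aid, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SpyBot\SDHelper.dll
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Daemon\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Stardock ObjectDock.lnk = F:\ObjectDock\ObjectDock.exe
"""

RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

def split_command(cmd):
    """Split an autorun command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                  # quoted path ends at the next quote
        exe, _, args = cmd[1:].partition('"')
        return exe, args.strip()
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$", cmd, re.I)
    if m:                                    # unquoted path, may contain spaces
        return m.group(1), m.group(2) or ""
    exe, _, args = cmd.partition(" ")        # no extension: first token is the program
    return exe, args

def location(exe):
    """Coarse bucket for where the file lives; assumes C: is the system drive."""
    p = exe.lower()
    if "\\" not in p:
        return "search-path"                 # bare name, resolved through the search path
    if p.startswith(("c:\\windows\\", "%systemroot%\\", "%windir%\\")):
        return "windows"
    return "program-files" if p.startswith("c:\\program files\\") else "other"

def parse_o4(log):
    """Return one dict per O4 (autostart) line of a HijackThis log."""
    entries = []
    for line in map(str.strip, log.splitlines()):
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue                         # not an autostart line
        *source, name, cmd = m.groups()      # Run lines: hive + key; .lnk lines: one label
        exe, args = split_command(cmd)
        entries.append({"source": "\\".join(source), "name": name, "exe": exe,
                        "args": args, "where": location(exe)})
    return entries
```
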


All of those programs bluescreen me when I use em.


A trip to Windows Update wouldn't hurt.

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Also I would be a little suspicious of this, do you know what it is?
O4 - HKLM\..\Run: [ClocX] F:\Clockx\ClocX.exe


Windows is patched except SP1.
That's a clock feature I added, I know what it is.


The only other thing I can think of is to start HJT, go to config/misc tools & generate a start up list & post it here. Maybe someone will spot something that shouldn't be there.


------------------------------
mmmkay, here it is.
------------------------------
StartupList report, 3/12/2004, 10:02:53 AM
StartupList version: 1.52
Started from : F:\Highjack This\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\Daemon\daemon.exe
C:\WINDOWS\System32\taskswitch.exe
F:\Clockx\ClocX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\iTunes\iTunesHelper.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
F:\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\ABC\abc.exe
C:\Program Files\Outlook Express\msimn.exe
F:\Highjack This\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\William K. Yam\Start Menu\Programs\Startup]
Stardock ObjectDock.lnk = F:\ObjectDock\ObjectDock.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UserFaultCheck = %systemroot%\system32\dumprep 0 -u
SoundMan = SOUNDMAN.EXE
DAEMON Tools-1033 = "F:\Daemon\daemon.exe" -lang 1033
CoolSwitch = C:\WINDOWS\System32\taskswitch.exe
ClocX = F:\Clockx\ClocX.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
iTunesHelper = F:\iTunes\iTunesHelper.exe
TrojanScanner = F:\SpyWare Utilities\Trojan Remover\Trjscan.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

STYLEXP = C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - F:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - F:\SpyBot\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Download Program Files:

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37975.4252314815

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5,183 bytes
Report generated in 0.046 seconds

- The following possibly fishy entries are benign, I know what each of them does: ClockX, StyleXP, Daemon, ABC and ObjectDock.

Thanks for your help on this!


Well, I think that we can eliminate any malware. I really cannot see anything there. I was going to ask about the ABC thing, but you know what that is.
Can you point your finger at any particular thing you did prior to this happening?


That's the thing, I really can't think of anything I did differently that would have triggered this from happening.... This is the running theme of this problem though and I thank you for the time that you've put into this already. Please don't feel like you have to continue trying to figure it out =)

Thanks for your support Crunchie!


Is there possibly a restore point that you can go back to without losing too much stuff?
No probs regarding the help, what goes around, comes around I reckon.
