Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
computer crashing after being left idle
   
BullGuard Antivirus Forum > Virus > Alerts & New Threats > computer crashing after being left idle  
Forum Quick Jump
 
New Topic Post reply to : computer crashing after being left idle Printable version of : computer crashing after being left idle
[ << Previous Thread | Next Thread >> ]

catmad
New Member


Date Joined Aug 2004
Total Posts : 10
  		   Posted 12-3-2004 1:32 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
In the past few days my computer is behaving very strange.....The first problem occured after the computer was left idle for a few hours during the day, when I "woke" it up the screen appeared to be in DOS mode and all programs had stopped. I re-booted and all was fine. Now when the computer goes idle it either reboots when I wake it or it might just lock itself..I don't have a pass word on the computer and was able to get back in but I am now very concerned as I have never used this feature before.
 
I use the new version of bullguard and spybot and all appears to be fine so now what do I do to find out what is going on..........
 
Any advice would be great......the computer is only six months old and I run xp......
Back to Top
 

catmad
New Member


Date Joined Aug 2004
Total Posts : 10
  		   Posted 12-3-2004 2:09 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
I thought I should run Hijackthis as it appears to be one of the first thing you need to do to help find out what is going on....
 
here is the log
 
Logfile of HijackThis v1.98.2
Scan saved at 10:43:26 PM, on 3/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\New Folder\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = server_name/script.pac
R3 - URLSearchHook: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSXXXXXX47AU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
 
Back to Top
 

catmad
New Member


Date Joined Aug 2004
Total Posts : 10
  		   Posted 12-3-2004 2:11 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
I use Kazaa and understand that a lot of stuff comes with it and I don't mind that but would like to know what else might be in there!!!!
Thanks for any help you can givesmilewinkgrin
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 12-3-2004 2:43 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
Hey catmadsmilewinkgrin
You really are infected, and we can´t take it all, first time;-)
I recommand you get rid of filesharing programs, at least untill we are finished here
 
Download these::
Lspfix:
http://danborg.org/spy/Newnet/LSPfix.exe
http://www.bleepingcomputer.com/forums/index.php?showtutorial=59   - Tutorial.
http://danborg.org/spyware/Newnet/winsockxpfix.exe    - Winsockfix.
Run LSPfix, move- New.Net– to Remove window,  put a checkmark in  -I know what I am doing, - Finish, Reboot
If it don´t work, run Winsockfix.

Download:
Cwshredder: http://danborg.org/spy/CWS/cwshredder.exe
Adware http://www.lavasoftusa.com/support/download/
Spybot: http://www.safer-networking.org/en/download/index.html
Download this scanner – mwav exe : http://home9.inet.tele.dk/le01/Sikkerhed.htm
 
Show hidden files:
 http://www.xtra.co.nz/help/0,,4155-1916458,00.html=
 
 
Please go offline
In the HijackThis program, place a check mark next to the following entries.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup –s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
Press the "Fix checked" button. Then close HijackThis. 
 
 
Reboot into Safe Mode -  hit F8 key untill menu shows up
Find and delete:
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe -s


Run the mwav scanner:
Activate all, in settings- Scan


Spybot, click on the Immunize button. Then "Scan System" button. When the Check is over, fix all marked with red

Adware
Push START
Perform full system scan. NEXT
To fix all the bad critical objects do the following:
Right click on one of them to open up the selection screen. Click the "Select All" button to select all entries.
When all are selected Click "Next" and then "OK" in the pop-up window to confirm the removal.

Run cwshredder, close all other windows-Fix
Reboot
Go to Start | Run and type: cleanmgr.exe and hit enter.
When prompted what drive to clean select your hard drive c:
If asked what folders to clean in a list, tick them all to clean all temp folders, downloaded program folders, temporary internet files, etc., and the recycle/trash bin.

 
 
 post new hijackthis  log


Touch
Back to Top
 

catmad
New Member


Date Joined Aug 2004
Total Posts : 10
  		   Posted 12-6-2004 12:26 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
Thanks so much for all your help but I decided to re-format my computer.....It took me a good seven hours to restore my computer to it's fresh state. What I have done is bookmark all of the links you have given me for future use.
I do enjoy Kazaa but have found my ISP has music downloads very cheap and no spyware ect... much better option I do believe.
I will keep reading this forum as I have learnt so much from all you guy's here. Keep up the exellent work
Cheers
Cathy
Back to Top
 

catmad
New Member


Date Joined Aug 2004
Total Posts : 10
  		   Posted 12-6-2004 1:46 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
I am not as smart as I thought I wasblush .....I still have stuff on my computer that I thought would be gone after a re-format....
Here is my latest hijackthis
Logfile of HijackThis v1.98.2
Scan saved at 10:43:05 AM, on 12/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\New Folder\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://www.synnex.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.synnex.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=Http://www.synnex.com.au/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102127065689
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab


Cheers
Cathysmilewinkgrin
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 12-6-2004 10:45 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
I can´t see anything bad in the log, what´s the problem?

Touch
Back to Top
 

catmad
New Member


Date Joined Aug 2004
Total Posts : 10
  		   Posted 12-7-2004 12:09 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
I thought that when you redid windows it wiped everything out...however, I found Kazaa still lurking and games and stuff that the kids had previously downloaded.... I have gone through and deleted just about all of it but how do I distinguish what is meant to be there and what can go??confused
My son was on the pc last night and now I have Yahoo back on my browser..nono naughty boy....
 
It seems that when you use certain sites you are going to be left with stuff you may not likeyeah and I don't want to stop my son using this particular site (neopets.com) but how do I know what to clean up after he has been there....???
 
 
 
 
 
 
 
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13812
  		   Posted 12-7-2004 6:48 (GMT +1)    Quote: computer crashing after being left idleAlert an admin about: computer crashing after being left idle
Hi;-)
 
Hide system files again
 
Because you were infected, backups of the malware may be in System Restore.

1 Right-click My Computer, and then click Properties.
2 Click the System Restore tab.
3 Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
4 Click Apply
5 this will delete all existing restore points. Click Yes to do this.
6 Click OK.

Reboot. Enable system restore again

 
 
You can protect your computer, when you or your son are surfing.
Install these for safer surfing:
http://www.javacoolsoftware.com/spywareblaster.html Update when downloaded, SpywareBlaster prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially dangerous sites in InternetExplorer.

http://www.javacoolsoftware.com/spywareguard.html  Update when downloaded.
SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

https://netfiles.uiuc.edu/ehowes/www/resource.htm
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites, that aren't actually innocent at all.


Privacy Keeper
http://www.unhsolutions.net/IEPK/index.shtml
 
Privacy Keeper Manual:
http://www.unhsolutions.net/IEPK/manual


Check for updates for Windows and Internet Explorer every week or so. Download each critical update one by one, rebooting when necessary.. Repeat this until you get the message "no critical updates available"

http://windowsupdate.microsoft.com/
 
And run Adware, Privacy Keeper and Spybot when you shutdown your computer;-)  

Touch
Back to Top
 
New Topic Post reply to : computer crashing after being left idle Printable version of : computer crashing after being left idle
 
Forum Information
Currently it is Tuesday, December 02, 2008 1:22 PM (GMT +1)
There are a total of 64.502 posts in 15.908 threads.
In the last 3 days there were 18 new threads and 105 reply posts. View Active Threads
Who's Online
This forum has 27321 registered members. Please welcome our newest member, ribnitz.
45 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Cannot connect to the internet (8)02-12-2008 12:08:33 (Nick Brough)
Need virus removal help - malwarebytes etc (4)02-12-2008 09:44:31 (Jonathan_ll)
SPAM nike shoes SPAM (0)02-12-2008 09:34:13 (shoes258)
Please help Trojan.SystemDriver found (4)02-12-2008 09:03:15 (Touch)
Before posting a log (0)02-12-2008 08:13:21 (alexperara)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard