Page 1 of 3 123 LastLast
Results 1 to 10 of 26
  1. #1
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default Computer constantly crashes, no virus found

    Hey guys, I'm having a pretty tough time diagnosing my computer's recent problem, so I was hoping you guys might be able to point me in the right direction.

    Basically the PC locks up on me and can't be used other than safe mode, if you need to know more the paragraph below details what it does exactly, no error messages or anything like that though so you can skip it if you get the point.

    About a week ago, my PC started to freeze when I was using firefox. I wasn't on site that would have given me a virus at the time, just filling out a housing form for college on their website. My entire PC would freeze and even Control-Alt-Delete would not do anything. The problem seemed to happen soonest when I was using the internet, IE did the same thing as firefox. Now, my PC is doing the same thing but with all programs. It is incredibly slow, and freezes really, really fast. Programs aren't even opening at this point. The PC isn't shutting off and the mouse still works, but it wont respond to anything I do, I even have to shut it down manually. I'm working in safe mode right which is the only way I can get it to run. I ran Hijackthis in normal windows though.

    So my first though was that it was a virus, which I still believe may be the problem. I have scanned the computer many times with the following programs (all were update fully before scan, all scans were full scan/deep scan when available):

    Bitdefender 2009: (my antivirus): No results, only a few tracking cookies
    Superantispyware: only a few cookies
    Antimailwarebytes: nothing
    Pandascan (online): only a few cookies
    TrendMicro Housecall: Nothing
    Posted Hijack this log in analyzer here: Nothing, said I had suspicious results but listed nothing to delete other than viewpoint manager

    I also tried to clean up my PC using the following programs/tools:
    Check Disk: Came up totally clean, not in need of repair
    CCleaner
    BeClean
    Defragmented Harddrive

    None of these actions made any difference on the performance of my PC, which is why I am hoping you guys can help me out, because its pretty much unusable other than safemode. I really appreciate your help on this, I have tried to do as much as I can on my own but really don't know where to go from here and I'm hoping you can help.

    Here is my hijackthis log (run on normal windows):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:02:49 PM, on 5/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2A96D88B-55DD-46de-8235-455759988526} (Intel Content Update) - http://vvswupdate.intel-support.com/...l/gtdownin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://vep.intel.com/Entriq_3_5_2_2_Silent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SMS_v3_1_0 - Unknown owner - C:\Program Files\Rosetta Stone\SMS v3.1.0hs\wrapper.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 8301 bytes

  2. #2
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Antimailwarebytes
    Are you sure you spelled that right?

    We might need to move this to the Computer Help forum. I trust BitDefender and SUPERAntiSpyware and if they didn't find anything...
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  3. #3
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    Haha no, my bad. Malwarebytes Anti-malware. Ya I had heard that bitdefender was pretty good so I was surprised when all the scans found nothing. Should I repost in the computer help section or do you guys move it?

  4. #4
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Try Dial-a-fix first.

    Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.


    • Open the folder and run Dial-a-fix.exe
    • 2 windows will open. Close the one in the background labeled Restrictive Policies
    • Check the box in section 1, Empty temp folders.
    • Check the box in section 2, Fix Windows Installer.
    • Check the box in section 3, Fix Windows Update.
    • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
    • Check all boxes in section 5, labeled Registration Center.
    • Click Go
    • OK any error messages if received, but write them down and post them here.
    • Restart the computer when done.

    How is everything now?

    I'm also moving this to the Computer Help forum.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  5. #5
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    Hey so I have tried many times now to get dial-a-fix to work and have been unsuccessful. Every time it runs it freezes on section 3 and says "stopping WUAUServ..." on the bottom. I unchecked section 3 and ran it successfully and rebooted but the PC is still crashing.

    One interesting thing I noted is that when I am actually able to shut the PC down correctly (not having to hold the power off button) I get a message saying the program NSAppshell is not responding. When I click end now, all the screens that I had previously tried to open pop up in a flash. But at this point, the PC is already shutting down. I also get the error that C:\windows\system32\SC.exe is not responding and have to hit end now. However, the last one is a new error.

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,189
    Points
    1308

    Default

    NSAppshell is not responding

    That's a mozilla firefox file, run firefox in safe mode. or reinstall firefox. Not to be confused with windows safe mode firefox has it's own safe mode.

    C:\windows\system32\SC.exe Looking for info on that...--------> That maybe malware I'll let evilfantasy carry on here..
    Last edited by zep516; 05-14-2009 at 05:36 PM.

  7. #7
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Scan that file please.


    Please go to VirusTotal.com
    (If more than one file needs scanned they must be done separately and logs posted for each one)

    1. Copy the file path in the below Code box:

    Code:
    C:\windows\system32\SC.exe
    2. At the upload site, click once inside the window next to Browse.
    3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    4. Next click Send File
    Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    This will perform a scan across multiple different virus scanning engines.
    Important: Wait for all of the scanning engines to complete.
    5. Copy and then Paste the link to the results in the next reply.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  8. #8
    Member abseh1's Avatar
    Join Date
    Jul 2008
    Location
    Tampa Bay
    Posts
    2,319
    Points
    388
    Blog Entries
    2

    Default

    Quote Originally Posted by zep516 View Post
    NSAppshell is not responding

    That's a mozilla firefox file, run firefox in safe mode. or reinstall firefox. Not to be confused with windows safe mode firefox has it's own safe mode.

    C:\windows\system32\SC.exe Looking for info on that...
    To remotely create and start a service from the command line, you can use the SC tool (Sc.exe) included in the Resource Kit.

    The sc.exe command comes with Windows XP and is either located in the C:\\windows\\system32 directory or C:\\winnt\\system32 directory
    How to create a Windows service by using Sc.exe

    It applies to Vista as well

    I doubt it is the problem...it is being corrupted

    I suspect a conflict with the Browsers... involving the school site...SC.exe is a tool for running remotely too

    I suggest talking to the school ITT..can not hurt...maybe reconnecting to the school from a different link?
    Last edited by abseh1; 05-14-2009 at 05:46 PM.
    SIGNATURE...When I post info I assume you have already read this link
    How to Start Removing Viruses and Spyware from your Computer

  9. #9
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    The thing is that the first time the computer froze was on the school site, I don't think it was because of it. It has done the exact same thing many times since then and I have not gone back to that site. I'm not at school yet (graduating highschool) and this is not a school computer. I'm with you and think the error is a result of my computer having crashed so many times, but you guys know way more than I do so I'm running the scan now.

  10. #10
    Member
    Join Date
    Aug 2007
    Posts
    69
    Points
    0

    Default

    Alright here is the link, it found nothing.

    Virustotal. MD5: beabd93e229c090b1f87d34a1b927eac

Page 1 of 3 123 LastLast