Computer Randomly Restarting. I HATE IT!

[l33thunt3r]

Ok, so I downloaded this "Ewido AntiSpyware" thing, and it helps me get rid of some spyware.

 

 

 

I play RS, it's fine. I open IE. BOOM! Restart!

 

 

 

System -

 

 

 

Microsoft Windows XP Pro

 

SP 2

 

 

 

AMD Athlon XP 2600+

 

2.08 Ghz, 1 GB of ram.

 

 

 

Here's HJT

 

 

 

Logfile of HijackThis v1.99.1

 

Scan saved at 7:09:00 PM, on 9/25/2006

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

Running processes:

 

G:\WINDOWS\System32\smss.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\winlogon.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\services.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\lsass.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\svchost.e3e (CAUTION - executable file)

 

G:\Program Files\Windows Defender\MsMpEng.e3e (CAUTION - executable file)

 

G:\WINDOWS\System32\svchost.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\spoolsv.e3e (CAUTION - executable file)

 

G:\WINDOWS\Explorer.e3e (CAUTION - executable file)

 

G:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.e3e (CAUTION - executable file)

 

G:\Program Files\Trend Micro\OfficeScan Client\pccntmon.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\CTsvcCDA.e3e (CAUTION - executable file)

 

G:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.e3e (CAUTION - executable file)

 

G:\Program Files\Cisco Systems\VPN Client\cvpnd.e3e (CAUTION - executable file)

 

G:\Program Files\Windows Defender\MSASCui.e3e (CAUTION - executable file)

 

G:\Program Files\iTunes\iTunesHelper.e3e (CAUTION - executable file)

 

G:\Program Files\QuickTime\qttask.e3e (CAUTION - executable file)

 

G:\Program Files\Java\jre1.5.0_06\bin\jusched.e3e (CAUTION - executable file)

 

G:\PROGRA~1\SurfPass\Firebird\bin\fbserver.e3e (CAUTION - executable file)

 

G:\Program Files\MSN Messenger\MsnMsgr.e3e (CAUTION - executable file)

 

G:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.e3e (CAUTION - executable file)

 

G:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\rundll32.e3e (CAUTION - executable file)

 

G:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.e3e (CAUTION - executable file)

 

G:\Program Files\Trend Micro\OfficeScan Client\tmlisten.e3e (CAUTION - executable file)

 

G:\WINDOWS\TEMP\ZD651B.e3e (CAUTION - executable file)

 

G:\Program Files\iPod\bin\iPodService.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\svchost.e3e (CAUTION - executable file)

 

G:\Program Files\Internet Explorer\iexplore.e3e (CAUTION - executable file)

 

G:\Program Files\Internet Explorer\iexplore.e3e (CAUTION - executable file)

 

G:\WINDOWS\system32\rundll32.e3e (CAUTION - executable file)

 

G:\DOCUME~1\wz_2\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.e3e (CAUTION - executable file)

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customi.....faul ... ch/ie.html

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customi.....faul ... .yahoo.com

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

 

O4 - HKLM\..\Run: [samsung LBP SM] "G:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.e3e (CAUTION - executable file)" /autorun

 

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "G:\Program Files\Trend Micro\OfficeScan Client\pccntmon.e3e (CAUTION - executable file)" -HideWindow

 

O4 - HKLM\..\Run: [NVMixerTray] "G:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.e3e (CAUTION - executable file)"

 

O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.e3e (CAUTION - executable file) /SYNC

 

O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.e3e (CAUTION - executable file) /IMEName

 

O4 - HKLM\..\Run: [MSPY2002] G:\WINDOWS\system32\IME\PINTLGNT\ImScInst.e3e (CAUTION - executable file) /SYNC

 

O4 - HKLM\..\Run: [iMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.e3e (CAUTION - executable file)" /Spoil /RemAdvDef /Migration32

 

O4 - HKLM\..\Run: [iMEKRMIG6.1] G:\WINDOWS\ime\imkr6_1\IMEKRMIG.e3e (CAUTION - executable file)

 

O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.e3e (CAUTION - executable file)" -hide

 

O4 - HKLM\..\Run: [ParentalControl] G:\Program Files\Parental Control\ParentalControl.e3e (CAUTION - executable file) /SERVICE

 

O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.e3e (CAUTION - executable file)"

 

O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.e3e (CAUTION - executable file)" -atboottime

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.e3e (CAUTION - executable file)

 

O4 - HKCU\..\Run: [NVIEW] rundll32.e3e (CAUTION - executable file) nview.dll,nViewLoadHook

 

O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.e3e (CAUTION - executable file)" /background

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.e3e (CAUTION - executable file)/3000

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.e3e (CAUTION - executable file)

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.e3e (CAUTION - executable file)

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O10 - Unknown file in Winsock LSP: g:\progra~1\surfpass\splsp.dll

 

O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

 

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/.....b31267.cab

 

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/.....E_UNO1.cab

 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/mi.....5553572238

 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/.....b31267.cab

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/.....b47946.cab

 

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/.....b31267.cab

 

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab

 

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll

 

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA.e3e (CAUTION - executable file)

 

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - G:\Program Files\Cisco Systems\VPN Client\cvpnd.e3e (CAUTION - executable file)

 

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - G:\PROGRA~1\SurfPass\Firebird\bin\fbserver.e3e (CAUTION - executable file)

 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.e3e (CAUTION - executable file)

 

O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.e3e (CAUTION - executable file)

 

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.e3e (CAUTION - executable file)

 

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.e3e (CAUTION - executable file)

 

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - G:\Program Files\Trend Micro\OfficeScan Client\tmlisten.e3e (CAUTION - executable file)

[gonpost]

Congratulations, you have run into the random-corruption-that-causes-restart of-death-bug.

 

 

 

I've had it before, but it affected limewire. I've had other friends have the same thing happen with other programs. Usually if you simply uninstall and then reinstall that program, that will get rid of the problem.

 

 

 

Try that, if not, post back here.

[l33thunt3r]

Thing is, my dad installed it.

 

 

 

He was trying to fix my previous problem. (LMAO)

 

 

 

BTW, hey you SODB'er.

[Kinslayer777]

If its a full shutdown-reboot sort of restart (not complete crash)

 

 

 

Then *try* this..

 

 

 

(run)

 

 

 

Shutdown(space)-A

 

 

 

That's

 

 

 

Shutdown -A

 

 

 

Dont forget the space.

 

 

 

I believe thats what i had to do when i got the blastworm worm/virus...But i'm not sure what sort of corruption it is if you literally restart. Not to advocate ignoring problems but what about downloading firefox off another computer, installing it via some sort of usb/flobby trasnfer, and using that?

[____]

Wait, so you open IE and it instantly restarts, no warning - nothing? Ouch.

 

 

 

 

 

As for the HJT...

 

remove all the 010's (then unregister the dll)

 

 

 

And then completly uninstall SurfPass.

 

 

 

And whatever this is...

 

G:\WINDOWS\TEMP\ZD651B[Caution: Executable File]

 

 

 

that probably shouldn't be there.

 

 

 

 

 

Get SpyBot Search & Destroy and or Ad Aware SE Personal, scan with both. And get a firewall also.