abhay, posted October 22, 2005

guys, some virus has struck my computer!

1) Windows is fully updated
2) ZoneAlarm is fully updated
3) Norton AntiVirus is fully updated

did a full system scan using Stinger and Norton but no clues!

here are some of the errors that i get, and yup, there is a HijackThis log below. see if u can help me out

Logfile of HijackThis v1.99.1
Scan saved at 5:16:21 PM, on 22-Oct-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ZoneLabs\isafe.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\NetLimiter 2\nlsvc.exe
D:\WINDOWS\system32\pctspk.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\NetLimiter 2\NLClient.exe
D:\WINDOWS\regedit.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\Sify Broadband\BBClient.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Sify Broadband\BBImpSec.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.563\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: D:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129460994875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129460902281
O17 - HKLM\System\CCS\Services\Tcpip\..\{D00B3DB7-4AB8-4533-84C5-D6F84F2ADD4A}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2\nlsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe

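A HijackThis log like the one in the post above can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the original post and not HijackThis's own logic: the review rules (missing target file, autorun without a full path, custom name servers) are assumptions chosen for illustration, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Usual meaning of the section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start page", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "registry autorun", "O8": "IE context-menu item", "O9": "IE button",
    "O12": "IE plugin", "O15": "Trusted Zone site", "O16": "ActiveX (DPF)",
    "O17": "DNS name server", "O18": "protocol handler",
    "O20": "Winlogon Notify", "O23": "NT service",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse(log_text):
    """Group HijackThis entries by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return groups

def review_items(groups):
    """Return (code, reason, entry) tuples that deserve a manual look (assumed rules)."""
    out = []
    for code, entries in groups.items():
        for e in entries:
            if "(file missing)" in e:
                out.append((code, "target file missing", e))
            run = RUN.match(e) if code == "O4" else None
            if run and "\\" not in run.group("cmd"):
                # Bare file name: resolved through the search path at logon.
                out.append((code, "autorun has no full path", e))
            if code == "O17":
                out.append((code, "confirm name servers are expected", e))
    return out

# Sample input: lines copied from the log posted above.
SAMPLE = r"""Running processes:
D:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D00B3DB7-4AB8-4533-84C5-D6F84F2ADD4A}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""
if __name__ == "__main__":
    for code, reason, entry in review_items(parse(SAMPLE)):
        print(f"{code:>3} [{SECTIONS.get(code, '?')}] {reason}: {entry}")
```

A flagged entry is a prompt to check the file and its publisher, not a verdict that it is malicious.
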
anujit, posted October 22, 2005

Dude, how do you know there's a virus?

abhay, posted October 22, 2005 (edited)

don't know, that's a speculation

ashoksoft, posted October 22, 2005 (edited)

Symptoms please... maybe something can be explained! I guess it could be an issue with the RAM, try to remove it, and clean the contacts with a pencil eraser, and tell us the outcome.

Cheers
Ashok

@ksh@T, posted October 22, 2005

Hey man, it's not a virus... who the hell says it's a virus? It's some Windows problem or something like that... all you have to do is restore Windows... that's it... ok.

abhay, posted October 22, 2005 (edited)

> Hey man, it's not a virus... who the hell says it's a virus? It's some Windows problem or something like that... all you have to do is restore Windows... that's it... ok.

about the OS:
Windows XP SP2
Norton AntiVirus 2005
ZoneAlarm 6.0.667.000
all fully updated

here's the catch!

1) the other day, when i got the Sify connection, i had this problem for the first time
2) next day i formatted my computer and loaded my PC from scratch (which i generally do every 5 - 6 months)
3) problem still persists

* cannot be a Windows error, because the applications which i use are the same as i always use, as are the installers

can't do a system restore, because the first thing i do when i format my computer is shut down System Restore for all drives (it's my belief that it's a waste of memory)

now for the symptoms: the error given below comes up at almost any time! then the system hangs and i have to restart the computer. sometimes i even get an error which was one of the famous loopholes in Windows before SP2, i.e. "system will shutdown in 60 seconds". and yup, when i searched about this error all the results pointed towards MyDoom, Sasser etc.!

used Stinger & online PC scan & HijackThis, did not find anything suspicious

cannot be a problem with hardware! opened the system and cleaned all parts just recently

Chirag, posted October 22, 2005

It could be a virus. Do you use Ad-Aware? Try running that, helps a lot!

@ksh@T, posted October 22, 2005

Man, when you got the new broadband connection you might have got a new modem, and there might be a hardware conflict problem... remove the modem and then work on a newly installed Windows... look

abhay, posted October 22, 2005 (edited)

> Man, when you got the new broadband connection you might have got a new modem, and there might be a hardware conflict problem... remove the modem and then work on a newly installed Windows... look

nothing is new! the LAN card was installed in my computer previously! that's where the problem is, nothing has been changed or added except the Sify BB software

ashoksoft, posted October 22, 2005

Try to clean the RAM mate!

rEdshiFt, posted October 23, 2005

To point out the obvious - Lodge a complaint to Sify. Tell them their damn software crashes your machine.

abhay, posted October 23, 2005 (edited)

> To point out the obvious - Lodge a complaint to Sify. Tell them their damn software crashes your machine.

yup, actually thought of calling Sify up and asking them if any other people had the same ******* problem with the software

Emmanuel, posted October 23, 2005

The problem might be with software which you have loaded.

1. Try booting Windows XP in safe mode. For this, keep pressing F8 at the start of booting; there will be an option window where you can select the way of booting (command prompt, safe mode, debugging mode, or only with necessary drivers). Try them one by one. Then first go into the operating system and uninstall the software which you have installed. This is the method for most such irresponsive software programs. It might work.

I also suspect some spyware; most spyware is resistant to Norton AntiVirus. Try using Spybot.

RajanPERT, posted October 25, 2005

@Abhay! This is not a virus or spyware or a trojan horse. This is a problem in your RAM, i.e. a hardware-related problem. It does not read lsass.exe. Then it will give you this error, as you get in the figure attached by you. When you click OK, Windows kills specific modules or services: lsass.exe. This file is necessary to run Windows. But when Windows closes this file, it will give you a message that your system will shut down in 60 sec. (as happened in the case of some viruses). Try to do one thing.

1. Try to run your system at the company-made CMOS safe mode setting (related to the CMOS setup, not Windows).
2. Change the RAM with some other one and run the system again. It may solve your problem.

If you find any other solution please share with us.

Thanks and Take Care!

abhay, posted October 26, 2005 (edited)

well, i think the problem's with the Sify software, because generally the error comes up only after i start the software, or with the RAM. well, was thinking of upgrading to 512 as it is, so will change the RAM in a couple of days! for now, when the error comes i just keep the window under the taskbar. for the present that's the only solution, because i can't CHANGE the ISP, and will change the RAM but not for now!

RajanPERT, posted October 27, 2005

1. Try to install SIFY's software on another drive, or change the location of the software, and then check.
2. Also try to move the file seev.exe to the temp folder and check after that.

It may solve your problem till the RAM changes.

Thanks and Take Care!