Shutting down running wild

J

John Bradford

New member
Hello there,

I need help, please, with my machine Windows XP IE7 that, each time I turn the machine off to shut it down, it goes wild for about two minutes, like accelerating and noisy before it goes off. Also, when I try to open CNN video, it takes up most cpu, and clumsily display the video, erratically. I ran the Registry Booster and Spybot but to no avail. There must be something like Malwares somewhere out there. Enclosed herewith the DDS (pasted below) with zipped Attach file. Your help is very much valued.

John

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Administrator at 7:49:29 on 2012-07-25
Microsoft Windows XP Professional 5.1.2600.3.932.81.1041.18.2047.1377 [GMT 9:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\B's Recorder GOLD8\bgsvc.exe
C:\Program files\B.H.A\Common\bgsvcg.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Blaze Media Pro\NMSAccess32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.jp/
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - PCTools Site Guard
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: {b56a7d7d-6927-48c8-a975-17df180c71ac} - PCTools Browser Monitor
BHO: Fire-Trust SiteHound: {c86ae9c0-0909-4ddc-b661-c1afb9f5ae53} - CPub Object
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: SiteHound: {73f7f495-a325-4c52-be48-5f97fa511e89} -
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [ctfmon.exe] ctfmon.exe
StartupFolder: c:\docume~1\admini~1\ベター~1\プロバ~1\ベター~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\admini~1\ベター~1\プロバ~1\ベター~1\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Google 検索(&G) - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Microsoft Excel にエクスポート(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: このページのキャッシュ - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: リンク元 - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: 翻訳(&T) - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: 関連ページ - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D74527B1-D405-4673-8A30-1A9B346AADF2} - hxxp://viewer.zooma.jp/viewer/mamoViewer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{1125DF7F-68D8-4B8A-BF25-7918E0D8D2E2} : DhcpNameServer = 192.168.11.1
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.98.9.3 pop.jcom.home.ne.jp.b9
Hosts: 127.98.9.4 smtp.jcom.home.ne.jp.b9
Hosts: 127.98.9.1 pop.ksrzu1.kt.home.ne.jp.b9
Hosts: 127.98.9.2 pop.mail.yahoo.com.b9
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2012-6-21 17192]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-15 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-15 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-15 83392]
R2 bgsvc;B's Recorder GOLD Service;c:\program files\b's recorder gold8\bgsvc.exe [2006-11-20 81920]
R2 bgsvcg;B's Recorder GOLD General Service;c:\program files\b.h.a\common\bgsvcg.exe [2007-12-21 145256]
R2 BsUDF;BsUDF;c:\windows\system32\drivers\BsUDF.sys [2012-6-21 196000]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-21 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-21 838136]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-6-9 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-6-9 8456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-07-21 03:26:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-21 03:26:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-07-19 22:48:05 -------- d-----w- c:\documents and settings\all users\application data\AJSystems
2012-07-19 22:48:01 -------- d-----w- c:\program files\ezBackup5
2012-07-16 10:34:39 -------- d-----w- c:\windows\system32\appmgmt
2012-07-11 23:00:03 -------- d-----w- c:\program files\CrystalDiskInfo
.
==================== Find3M ====================
.
2012-07-12 07:04:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 07:04:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:55:12 1865728 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 19:57:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-06 19:57:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-05 15:49:29 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49:29 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:11 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 06:19:48 18456 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 06:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 06:19:34 14360 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 06:19:34 13848 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 06:19:34 12824 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 06:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 06:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 06:18:58 15088 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21:57 593920 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:36:59 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-08 11:19:23 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-05 03:14:34 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:33 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD160JJ/P rev.ZM100-34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-2b
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 7:55:31.01 ===============
 
shelf life said:
hi John Bradford,

Your post is a few days old. If you still need help simply reply back.
Click to expand...

Thanks for the kind reminder. As a matter of fact I do still need help. I have changed the motherboard, cpu, and migrated the contents into another HD, yet the problem still persists. I can watch all of the Youtube videos with no problem. The websurfing is perfect. But, when I tried to start my favorites CNN and JerusalemOnline videos, it just goes erratic and freeze. Also, when shutting down, it takes about 2 minutes while revving up with the fans getting wild to cool the system down, I suppose. However, if I replace this HD with some others, the shutting down gives no problem, quietly, a matter of less than 2sec. These three problems that I am looking for help. Many thanks again.

JB
 
So is the DDS log you posted from the rebuilt machine? Have you been to Windows Update? Your running IE 7.0.

Registry Booster
Click to expand...
This type of software is useless and not needed. You can remove it via the add/remove programs panel.

Download and run the free/standard version of ccleaner. Clearing out your cache with it is a start.
 
shelf life said:
So is the DDS log you posted from the rebuilt machine? Have you been to Windows Update? Your running IE 7.0.


This type of software is useless and not needed. You can remove it via the add/remove programs panel.

Download and run the free/standard version of ccleaner. Clearing out your cache with it is a start.
Click to expand...

Thank you for the continued assistance. The DDS log is before the changes described above. But I am now attaching the new DDS just in case it is needed. Also I am running IE 7.0.

I have just followed your advice, so I removed the Registry Booster from Control Panel's ADD/REMOVE. Reboot. Then I run CCleaner checking all the checkboxes.

The result was the same.

Now, the DDS with the Attach:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Administrator at 22:16:36 on 2012-08-09
Microsoft Windows XP Professional 5.1.2600.3.932.81.1041.18.3583.2996 [GMT 9:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: SiteHound: {73f7f495-a325-4c52-be48-5f97fa511e89} -
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] ctfmon.exe
StartupFolder: c:\docume~1\admini~1\ベター~1\プロバ~1\ベター~1\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343653714184
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343396151031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D74527B1-D405-4673-8A30-1A9B346AADF2} - hxxp://viewer.zooma.jp/viewer/mamoViewer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{1125DF7F-68D8-4B8A-BF25-7918E0D8D2E2} : DhcpNameServer = 192.168.11.1
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.98.9.3 pop.jcom.home.ne.jp.b9
Hosts: 127.98.9.4 smtp.jcom.home.ne.jp.b9
Hosts: 127.98.9.1 pop.ksrzu1.kt.home.ne.jp.b9
Hosts: 127.98.9.2 pop.mail.yahoo.com.b9
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2012-6-21 17192]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-15 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-15 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-15 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-15 83392]
R2 BsUDF;BsUDF;c:\windows\system32\drivers\BsUDF.sys [2012-6-21 196000]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-7-21 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-7-21 838136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-6-9 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-6-9 8456]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 bgsvc;B's Recorder GOLD Service;c:\program files\b's recorder gold8\bgsvc.exe [2006-11-20 81920]
S4 bgsvcg;B's Recorder GOLD General Service;c:\program files\b.h.a\common\bgsvcg.exe [2007-12-21 145256]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-08-08 01:15:04 -------- d--h--r- C:\SD_VOICE
2012-07-27 09:17:49 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2012-07-25 22:46:30 -------- d-----w- c:\documents and settings\all users\application data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-07-25 08:14:13 -------- d-----w- c:\program files\dvddr
2012-07-21 03:26:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-07-21 03:26:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-07-19 22:48:05 -------- d-----w- c:\documents and settings\all users\application data\AJSystems
2012-07-19 22:48:01 -------- d-----w- c:\program files\ezBackup5
2012-07-16 10:34:39 -------- d-----w- c:\windows\system32\appmgmt
2012-07-11 23:00:03 -------- d-----w- c:\program files\CrystalDiskInfo
.
==================== Find3M ====================
.
2012-08-06 23:05:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 23:05:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:55:12 1865728 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 19:57:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-06 19:57:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-05 15:49:29 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49:29 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 08:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:11 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 06:19:48 18456 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 06:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 06:19:34 14360 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 06:19:34 13848 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 06:19:34 12824 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 06:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 06:18:58 15088 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21:57 593920 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:36:59 832512 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 22:17:26.20 ===============
 
Ok. Two things. You can download and run Malwarebytes:

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Next: Reset IE back to its defaults; With IE open go to tools>Internet options>Advanced tab and click on the Reset button near the bottom. Restart IE.
 
shelf life said:
Ok. Two things. You can download and run Malwarebytes:

Please download the free version of Malwarebytes to your desktop.

... install the program.....

....Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

....When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Next: Reset IE back to its defaults; With IE open go to tools>Internet options>Advanced tab and click on the Reset button near the bottom. Restart IE.
Click to expand...

All done as per your instructions. Also IE was "Reset."

Outcome report. CNN and JerusalemOnline still remain unwatchable. And Shutting down, no change.

Thank you for the continued help. Below is the Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: CJ3013952-E [administrator]

2012/08/10 11:08:03
mbam-log-2012-08-10 (11-08-03).txt

Scan type: Full scan (C:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 327266
Time elapsed: 1 hour(s), 47 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
What we have tried so far is for the web site issue. The shut down is a separate issue. Not sure if ccleaner clears flash cache so follow this to try it;

clear cache http://forums.adobe.com/message/4278569

other steps to try:

Disable hardware acceleration:http://forums.adobe.com/thread/891337

You could also try uninstalling, reboot machine then reinstall flash.

uninstall: http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

reinstall: http://get.adobe.com/flashplayer/

you could also try another browser other than IE just as a experiment.

The shut down: you said you have a new mainboard/cpu. You have installed the motherboards drivers from a install CD or the board vendor website?
Also Windows update may have a fix for some known shutdown issues. You have been to windows update to download patches and fixes?
 
shelf life said:
What we have tried so far is for the web site issue. The shut down is a separate issue. Not sure if ccleaner clears flash cache so follow this to try it;
......
clear cache http://forums.adobe.com/message/4278569
.....
Disable hardware acceleration:http://forums.adobe.com/thread/891337
......
You could also try uninstalling, reboot machine then reinstall flash.
......
you could also try another browser other than IE just as a experiment.
.....
The shut down: you said you have a new mainboard/cpu. You have installed the motherboards drivers from a install CD or the board vendor website?
Also Windows update may have a fix for some known shutdown issues. You have been to windows update to download patches and fixes?
Click to expand...

Thank you for further help.

(1) The cache is cleared besides the use of CCleaner
(2) Hardware Acceleration is disabled
(3) The FlashPlayer is uninstalled, and re-installed as per the directive of adobe about this in the website
(4) Safari was tried for an alternative to IE7


First, comments about the above before answering the question relating to shut-down.

- CNN remains in the same state: once it starts, the fans spin ferociously sucking much cpu, resulting in pictures frozen.

- Good news, however: JerusalemOnline plays well for the first time.

- With Safari, CNN plays normally (but not with IE7)

Now regarding the shut down, no change was noticed, as yet. To answer the questions being asked, it follows:

The machine is HP dc7600CMT (desktop). When Motherboard is changed, no formatting or initialization is required, therefore, no installation CD. Not only the Motherboard/cpu were changed, the contents of the Hard Disc also was duplicated into another similar one, with the use of EASEUS Bootable CD for Disc Copy ver.2.3.1.0. The reason for all this is to see whether any of the Hardwares is the culprit (M/B, CPU, HD).

With the new Hardwares, the Windows update were carried out to date. No extra update was left undone.

I hope this information may be of help for further ideas.

Your help is invaluable.

JB
 
Have you tried disabling any add ons in IE. Tools>Internet Options>Programs>Manage Add-ons? Also installing IE 8.0?

Do you use anything like ad blocking software? Does Avira contain a "web shield" type application. If so try disabling it to see if CNN will work.

So the new mainboard is the same one that was in there? Have you been to the HP website to see if there are any updates available for your computer model? On shutdown you think its a fan thats spinning wildly and not the hard drive?
 
shelf life said:
Have you tried disabling any add ons in IE. Tools>Internet Options>Programs>Manage Add-ons? Also installing IE 8.0?

Do you use anything like ad blocking software? Does Avira contain a "web shield" type application. If so try disabling it to see if CNN will work.

So the new mainboard is the same one that was in there? Have you been to the HP website to see if there are any updates available for your computer model? On shutdown you think its a fan thats spinning wildly and not the hard drive?
Click to expand...

Thank you again for the reply.

- Add-on in IE. I tried to disable as much as I could, but ended up with CNN stopped working - totally blank site. Then I tried it one by one disabling the items in the list, but giving same results.

- IE8.0. There was a time that I tried IE8, but I found out that I lost the Organize Favorites... in the menu of "Windows" Explorer. I wrote to Microsoft about it, but there wasn't much they could do. In fact I have long list of items I keep in the Favorites menu, that I need to access often. Microsoft gave me a lot of alternatives, such as using the Favorites in IE8.0 menu, or customizing it in Windows Explorer, (which I tried all but), I couldn't get satisfied. So, I returned to IE7. Today I again enjoy the "Organize Favorites..." in Windows Explorer with IE7. Therefore, for totally personal reason, I find it hard to upgrade to IE8.0.

- Avira. There is no "Web shield" there (Free version). I could read "web protection," but I am not subscribed to it.

-Mother board. Yes, it's the same kind, and fully updated from HP site.

- Shut-down/fans. I have two similar other machines. When I take their Hard disks to this main machine, the fans work properly, and nothing abnormal is noticed, including the shut-down. But when I insert back my HD, CNN causes the fans spinning wildly sucking up much cpu, which same effect is noticed when shutting down. Same- noisy. Apart from CNN and shut down (that takes 2 mins while revving up) I have no complaint whatsoever, as the machine works very fine with all other activities/tasks.

That's the comments I could make up to here. Thank you very much again for your time.

JB
 
When I take their Hard disks to this main machine, the fans work properly, and nothing abnormal is noticed, including the shut-down.
Click to expand...

Have you, as a experiment put the HD from your main (noisy) machine into one of the other machines to see what happens, if anything?
 
shelf life said:
Have you, as a experiment put the HD from your main (noisy) machine into one of the other machines to see what happens, if anything?
Click to expand...

Hello there again,

Yes, as a matter of fact I have already done that to see how it goes there, but it behaves the same. I wanted to know if my main machine was the culprit, but it wasn't. That's why I posted this here, to find out just in case the trouble is not connected the hardwares but to something else.


Your help is very much valued, please.

JB
 
I have already done that to see how it goes there, but it behaves the same
Click to expand...

Then I would be looking at the hard drive itself. No doubt you have run Windows disk defragmenter. Programs>Accessories>System Tools.

Also Windows Chkdsk (check disk) here.

HP also may have some HD diagnostic tools. Also the HD maker would have some: Western Digital, Seagate etc. Not sure who HP uses.

In any case since the problem duplicates itself, with the only difference being the hard drive then at least a defrag and chkdsk wouldnt hurt.
 
shelf life said:
Then I would be looking at the hard drive itself. No doubt you have run Windows disk defragmenter. Programs>Accessories>System Tools.

Also Windows Chkdsk (check disk) here.

HP also may have some HD diagnostic tools. Also the HD maker would have some: Western Digital, Seagate etc. Not sure who HP uses.

In any case since the problem duplicates itself, with the only difference being the hard drive then at least a defrag and chkdsk wouldnt hurt.
Click to expand...

As you have rightly guessed, I have already done the chkdsk and defrag. Thank you for confirming.

What I am now thinking to do is, I have an old Hard Disc here with me, containing my last update till 10th of October 2009. I duplicated that Hard Disc, and continued to the present time.

I have just inserted that old Hard Disc in the machine, and the shut down was normal, just a matter of 2 to 3 secs, without the fans sipinning nor noisy revving. But, CNN sucks up cpu, the same problem as the one I am having now.

Now, I will duplicate again that old HD, and move to the new one all of my stuffs, activating the softwares, and continue from there. I wonder if you could help me put the CNN working right, please, as this would be the only problem there.

Many thanks again to you.

JB
 
shelf life said:
HP also may have some HD diagnostic tools.
Click to expand...

I missed to comment on this one. I realized that I have never done this before. But when I checked on the web, there it was. I downloaded the exe file, and run. I found so many yellow exclamation marks in the system. I am not quite sure how far this has something to do with CNN and the strange shut down, but give me some time first to put these drivers right. I will delete the unwanted, and get the updates for the rest. Then I will report back again. And the items needed attention are too many.

Thanks for your patience.

JB
 
shelf life said:
So you got a diagnostic utility to run from the HP web site or from somewhere else?
Click to expand...

Yes it is from HP web site. But looking at the amounts of things which come with the yellow exclamation marks is very intimidating. Even the Keyboard is with Exclamation mark. That include the sounds and almost everything. So far, I could manage to get few right, but how on earth I could get all these in proper order. The Disc Drives in the list are full of exclamation marks. I am not quite sure whether to delete them, or to put them right, but how? That alone is 22 HD's (Maxtor, Western, Hitachi, Samsung, Seagate etc...)

Having spent too much time with these so far, I have come to conclusion, it's impossible. Is there any shortcut to this, please?

JB
 
What does it say at the HP web site about the yellow exclamation marks? I was only interested in anything about the hard drive itself since this was what we narrowed the problem down to. I dont know what your seeing. It should just list the hard drive thats in your machine. I cant imagine a keyboard needing a update or whatever the exclamation mark means in that case.

Another option that comes to mind is setting the machine back to its factory defaults. Most commercial machines have restore partitions or CD recovery media. I cant say if this would solve your problem or not or if you would lose any data. Nor could I help you, all PC vendors are a little different in how they handle factory reset/partitions. I also never owned a commercial PC. I build my own. The best place to find how the options for this would be on the HP website. Just a thought, couldnt say if it would help any.
 
shelf life said:
What does it say at the HP web site about the yellow exclamation marks? I was only interested in anything about the hard drive itself since this was what we narrowed the problem down to. I dont know what your seeing. It should just list the hard drive thats in your machine. I cant imagine a keyboard needing a update or whatever the exclamation mark means in that case.

Another option that comes to mind is setting the machine back to its factory defaults. Most commercial machines have restore partitions or CD recovery media. I cant say if this would solve your problem or not or if you would lose any data. Nor could I help you, all PC vendors are a little different in how they handle factory reset/partitions. I also never owned a commercial PC. I build my own. The best place to find how the options for this would be on the HP website. Just a thought, couldnt say if it would help any.
Click to expand...

After going through long battles of updating the drivers, just now I found out that there are comments at the bottom of the Dialog box about each item selected. I am very sorry. It says, "The divice is not connected to the system." That explains all the yellow exclamation marks. I am not familiar with this Diagnostic, so when I saw the exclamation marks, I panicked, being reminded of the nasty experiences of finding drivers in the Device Manager of the System Properties.

That said, as for the Hard disc comments, all said "The device is working properly": Maxtor 6L160M0, both Master and Slave.

Perhaps, migration is the only option left to try, as far as I am concerned. When I say Migration, I mean taking all of the important things to the older HDD and updating it. This is the HDD of 10th of October 2009 I said earlier. I will use Eazy backup to do some of the transfer. As I mentioned earlier, the shut-down is normal, but CNN is not working there. I really wished this one could be repaired, since all my settings and configurations, and the softwares installed here would be a headache to reproduce in other HDD.

Note: I will keep this HDD all the time as it is, just in case it could still be put right or till a solution be found, if possible.

JB
 
You must log in or register to reply here.
Back
Top