Anti Spyware scans crash machine to BSOD

Hi All, can you help me figure this out?

Both Spybot and AVG Anti Spyware crash this machine during a scan. AVG scans memory ok but when it starts on the registry, CRASH. BSOD.

Installed AVG after Spybot kept crashing. Both run for a while, then BSOD.

Stop: 0x00000050 (0Xffff90f8, 0X00000000, 0X8054A832,0X00000000)

Both Program crashes have identical stop.

Other machine syptoms, very slow boot, boot now taking 4-5 minutes, up from one.

Email, web seem to be loading slower. Hard to tell though, just my impression.

Norton AV detects nothing.

Otherwise, machine runs normally, no other obvious problems.


So, I don't know if this is a spyware problem or originating somewhere else on the OS.

Any and all help will be greatly appreciated.

Take care,

Martin

 

Hi Martin,

One reference is to check if this is a trojan:

http://www.kbalertz.com/kb_894278.aspx

And you should post a HJT log:

Please download HijackThis! SetUp from http://downloads.malwareremoval.com/HJTsetup.exe
Save the file to your desktop.

Double-click the HijackThis! SetUp icon to begin the installation.

Follow the prompts for the defualt install location of:'C:\Program Files\HijackThis'.

Tick the 'Create a desktop' button when the option appears.

Select next, then allow HijackThis! to start.

Then press the [Scan] button.
You will notice the [Scan] button will turn into a [Save Log] button.
Click the [Save Log] button and notepad will open up with the contents of the scan.
Right-click in the saved log, and select 'copy'.

Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed.

Do not make any modifications to the log or perform any 'fixes' until told to do so.

Regards - Charles

 

Hey Charles, good to hear from you. I followed the instructions in the MS KB link you posted, no trace of the referenced .sys or .exe files on this machine. If they're here, they sure are well hidden. I've gone cross-eyed searching for them.

I can't, unfortunately, follow your instructions to the letter, "Do not make any modifications to the log or perform any 'fixes' until told to ", as I had run HiJack This! earlier today and deleted a few items that looked suspicious to me and a couple of BHOs I didn't want. That didn't help though, still getting the crashes. I guess I could restore them from the backup folder, but I'll wait for your instructions.

I really appreciate your help. I do all my financials on this computer and the thought of a Trojan scares the bejabbers out of me.

So, here is the Hijack This! log file from it's last scan of earlier today.

Hope you don't go cross-eyed reading it.

Thanks again,

Take care,

Martin




Logfile of HijackThis v1.99.1
Scan saved at 1:24:04 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
C:\WINDOWS\System32\GEARSec.exe
D:\Program Files\PC Magazine Utilities\HD HeartBeat\HD HeartBeat 2\HBSrvApp.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\UPHClean\uphclean.exe
D:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Say the Time\SayTime.exe
C:\Program Files\Say the Time\SayTime.exe
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://moneycentral.msn.com/investor/quotes/pprtq.asp?Symbol=GE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - D:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - D:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: APC UPS Status.lnk = D:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: S&end Using Outlook - C:\Program Files\SnipIT\SnipIT\sendusingoutlook.htm
O9 - Extra button: Provenio iSpell - {02FF25C8-B4A1-46a2-9273-25D9194809D9} - D:\Program Files\iSpell\iSpell.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
O9 - Extra button: All - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe
O9 - Extra 'Tools' menuitem: Close ALL IEx's - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe
O9 - Extra button: Others - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe
O9 - Extra 'Tools' menuitem: Close OTHER IEx's - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Movies Extractor Scout - {98779B39-C2E0-473B-8852-F5A040C1E023} - D:\Program Files\Movies Extractor Scout\flashextract.exe
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.cyberguys.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129079016281
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GoToMyPC - GEAR Software - (no file)
O23 - Service: HBService - Ziff Davis Media, Inc - D:\Program Files\PC Magazine Utilities\HD HeartBeat\HD HeartBeat 2\HBSrvApp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Ahead\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - D:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

Hi and welcome to the Spyware & Virus Removal forum.

If you could, just provide for us the file names and CLSIDs.

Don't see anything obvious in the logs tho, by removing a BHO or two that could be all we need to point us in the right direction.

 

Hi TeMerc: The backup screen on HiJack This! will not allow copy/paste, so I took 3 screen shots, .jpg and will try to attach them to this post. I don't understand the way the date is displayed, as they show up as 5/2/07 and I did the deletes yesterday. I didn't have the desktop messenger enabled, so I got rid of all those protocols. I guess they got there when I installed their web cam.

I did a google search on the problem and the only thing I could find was a couple of people whose CPUs were overheating, said blowing out heat sink cured it. Not the case here.

Anyhow, thanks for looking at this, I hope we can solve it. Also, hope the attachments (3) show up on the bbs site, I think I attached them.

Thanks,

You take care,

Martin

Edit: I see only one attachment, I'll try to post the others in a seperate post.

 

Attachment #2 Over 250kb, got to break the .jpg s down some more.

 

I'm trying, I think I got them (screen captures) attached. I'm guessing that the .jpg files because they include the background take a lot more space than a log file, but I couldn't figure out any other way to get them in a post.
The five captures should show all I deleted yesterday.

Thanks again,

Take care,

Martin

 

Ok, none of those showed any BHOs, which you mentioned you removed. And none of those are recognized threats either.

The date displayed is the European way to show it, day then month then year:5th day of the 2nd month of '07.

When did the long boot up and hanging begin? After any other software install or perhaps after a Windows update? Let us know.

 

I don't know why the BHO removals don't show up in the backups. My memory is so bad that I just don't remember what they were either. Not that they were unusual, I think Yahoo Toolbar was one. I guess I wasn't paying attention.

The last updates I installed were the patch Tuesday, January 12. Outlook and IE 7 security updates along with Windows Defender definitions plus new drivers for Ethernet card and I have a new monitor that MSFT had new drivers that were also downloaded and installed.

Last software installed: Adobe Reader 8, Updated Apple Quicktime w/o Itunes.

It's hard to pin down when the long boot times started, I just don't reboot that often. What I first noticed was the slower re-loading of email after deleting one. It seemed that the list sort of scrolled back into place instead of just being there.

But, the crashing of Spybot started, probably a month ago or more, Was trying to find a fix for a while before posting. I even tried to do an online scan with AVG before installing their anti spyware and that crashed the machine as well with the same stop error.

Norton AV runs to completion and reports a whole bunch of 0. Ad Aware SE also runs to completion, usually reports tracking cookies which I delete.

I opened AVG anti spyware and noticed it has two items in quarentine. I don't know how that happened as the last run (yesterday) crashed as usual. It won't let me copy them, so I'm attaching a screen shot. I hope some of this helps.

Thanks for staying with me on this.

Take care,

Martin

 

Hi Martin,

This sounds like you have some sort of conflict and a bear to troubleshoot.

My suggestions would be to:

Disable the Browser's add-ons - see how it runs, if ok, then add back in a little at a time.

Start with minimal processes running and add back in.

Regards - Charles

 

I was actually just beginning to think similarly as Charles. This could be an odd conflict with something else that is trying to access the system files at the same time.

Have you tried running either Spybot or AVG in safe mode? If so what were the results?

 

Good afternoon gentlemen: I have run Spybot in safe mode with same results. Well, not exactly the same. Running SpyBot safe mode results in quicker crashes, almost instantaneously. Haven't tried AVG in safe.

Safe mode start up very slow too.

How to disable browser add ons and add back one at a time? Never have done that. Disable in internet options? How to add back individually?

How to run with minimal services? Know how to stop services, but which?

Thanks for sticking in there with me on this. It really concerns me, if I can't scan for and delete spyware.

Take care,

Martin

 

Hi Martin,

If the problem shows up in Safe Mode, then I think there is a fundemental problem with the system itself, may not be software conflicts.

To eliminate or confirm a HD problem, have you run ckdsk? Also it might pay to run the drive's manufacturer's diagnostic tool - should be available on their site.

IE7: Tools drop menu under the search window in the upper right > Manage Add-ons.

IE6: Top tool bar > Tools > Manage Add-ons.

As far as the Services, go into msconfig and look at the Startup Selection options.

Another is Services for the firewall/AV which usually have Service entries - disable them temporarily.

I was also thinking of minimal apps - uncheck entries in msconfig startup tab.

Regards - Charles

 

Sorry to take so long to get back to this, been busily backing up my "C" drive.

You were right on target with figuring a hardware problem. See this from event viewer:

Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 52
Date: 2/6/2007
Time: 8:47:50 PM
User: N/A
Computer: CATASTROPHY
Description:
The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0e 00 03 00 01 00 5e 00 ......^.
0008: 00 00 00 00 34 00 04 80 ....4..€
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 11 2d 00 ......-.
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 ...

Now "C" is backed up, problem is, I can't figure out which drive is failing, as I have 6 drives (not counting the USB and 4 opticals) with 3 drives designated "0 ". I have run IBM's diagnostics on all 3 "0" drives and it reports no problems.

I am so confused. Payback for trying to be creative?

One drive, "0" is on MOBO SCSI header, this is boot drive. (run as IDE)
One drive, "0" is on MOBO IDE header.
One drive, "0" is on PCI card IDE header.
All 3 are jumpered as master.

Do you have any idea what the DRO in "Harddisk0\DR0" designates?

Because of the slow boot, it may be reasonable to assume it is the "C" drive that is failing, but after thinking about it, that is not necessarily the case, because any failing drive may very well slow the boot process.

Just to confuse me further, Windows has, without my permission, changed drive letter designations on everything except "C" and "D ", including the opticals and USB+card reader drives.

I really don't understand how any of this would influence the behavior of Spybot and AVG's anti-spyware.

If it wasn't for that anti-spyware problem I might just wait for the failure to occur to solve the problem of which drive.

Let me know if you think the "DRO" in the failure warning is significant of anything.

Sorry to be so much trouble.

Thanks again for your help.

Take care,

Martin

 

Hi Martin,

According to this one link http://www.pcreview.co.uk/forums/thread-1538662.php Harddisk0/DR0 refers to the first HD in the Disk Management console.

Right click My Computer > Manage > Disk Management.

Start a thread in the Hardware section for the hardware guys to look at and link back to this thread.

Regards - Charles

 

Hey Charles, took your advise and posted to Hardware, linked back to this post

The link you posted to PC Review forums didn't tell me much about the DRO, unless I missed something. Google search didn't provide much either.

Maybe the hardware guys will come up with something. I disconnected 3 of the six hard drives, stopped getting failure messages, but getting all kinds of error messages in Event Viewer, System.

Maybe the hardware guys will help.

Thanks again,

Take care,

Martin

 

Due to resolution this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.