# My PC Crash/Freeze While playing games or watching movies on full screen



## CreepyDog (Mar 6, 2010)

My PC crash/freeze from a long time now...i tryied everything i could do this is what i did to fix my problems but failed:
1:reinstall my pc
2:RegCure to clean my registery's
3:avira to remove my viruses
and like i said my pc crash when i play games or watch movies on full screen...
So how can i fix this problem its realy anoying...
Thanks in advance


----------



## flavallee (May 12, 2002)

Go here and click the green icon to download and save *HijackThis 2.0.2*.

Close all open windows first, then install it in its default location.

Start it and run a scan - which should take 30 seconds or less.

Save the resulting log in Notepad.

Return here, then copy-and-paste the entire log here.

--------------------------------------------------------------

What's your computer specs?

Brand name, model name, model number

Processor type and speed

Amount of RAM

Display adapter/video card description

-------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

though everyone is gonna ignore me...okay
here what my pc requirments are click both links:
http://img43.imageshack.us/img43/4958/ramalabala.jpg
http://img24.imageshack.us/img24/8489/gforceh.png
and click this link to download the Hi jack file notepad:
http://www.sendspace.com/file/vu1oxw


----------



## maceman (Mar 1, 2010)

Try turning off Msn and Skype. Quit them when you're playing or watching movies. You can also try to clean your desktop. It might help a little..


----------



## CreepyDog (Mar 6, 2010)

i dont think that its from my skype neither MSN cuz i always play games when they are turn on its something else :\


----------



## flavallee (May 12, 2002)

Your computer has a NVIDIA GeForce FX5500 256 MB AGP Video card - which should be sufficient for playing most games and watching DVD movies. However, your computer has a low-end AMD Sempron 3000+ 1.81 GHz processor and only 512 MB of RAM. I don't know how much RAM your computer supports, but you need to increase it to at least 1024 MB, and preferably 2048 MB.

You didn't copy-and-paste a HijackThis log here, as requested, so I don't know what's installed and what's auto-loading and running in the background.

Stay away from RegCure or any other kind of registry cleaner/booster/optimizer - unless you're anxious to break certain programs and damage the operating system.

By the way, here is the current driver(GeForce 175.19) for the NVIDIA GeForce FX5500.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

so i must install these drivers? i mean the ones you gave me link above?
and when i install it is it gonna fix my pc?


----------



## flavallee (May 12, 2002)

Let's see what driver version you currently have installed.

Right-click MY COMPUTER, then click Properties - Hardware - Device Manager, then click the + in *Display Adapters*.

Double-click on the NVIDIA GeForce FX5500 entry, then click Driver(tab).

What's listed there for the driver version and the driver date?

----------------------------------------------------------------

I reluctantly downloaded and copied your HijackThis log here.

You have *BitComet* and *DAEMON Tools Lite* in your computer, and your sendspace.com site loves to throw up pop-ups, so I have no doubt that your computer is infested with spyware and malware and "who knows what else".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17:03, on 07.3.2010 ã.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Skype\Phone\Skype.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.2.1.2.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: FlexType 2K.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Å&êñïîðòèðàé â Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267204358640
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

here:
http://img148.imageshack.us/img148/4102/problem1d.jpg
http://img138.imageshack.us/img138/6641/problem2t.jpg
http://img269.imageshack.us/img269/3862/problem3i.jpg


----------



## flavallee (May 12, 2002)

Your graphics driver is about 3 years older than the GeForce 175.19 graphics driver at the NVIDIA site.

Have you ever downloaded and installed a graphics driver?

----------------------------------------------------------------

Go here to download the free version of *Malwarebytes Anti-Malware*.

Go here to download the free version of *SUPERAntiSpyware*.

Just download and save them both for now. Don't install them or do anything with them yet.

Advise me when you've done that.

---------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

ok i downloaded both programs btw do you have skype or MSN/Yahoo? so we can have a better contact
skype: creepy_dog
MSN/Yahoo: [email protected]


----------



## flavallee (May 12, 2002)

I don't use Skype or Yahoo or MSN for on-line chat or talking. 

We need to keep everything posted here anyway so anyone who wants to assist can respond accordingly.

------------------------------------------------------------------

Now that you have both programs downloaded and saved, go ahead and install them. Make sure to update their definition files during the install process. 

After they're both installed and updated, restart your computer.

Advise me when that's done, then I'll give you instructions for running a scan and posting a log with them.

------------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

okay everything is done


----------



## flavallee (May 12, 2002)

Start *Malwarebytes Anti-Malware*, then select the "quick scan" option, then start the scan.

Note: Don't use your computer while the scan is in progress.

As problems are found, it'll display the number of problems in red.

When the scan is finished, select and remove EVERYTHING that was found.

Restart your computer, if prompted to, so the removal process can finish.

Start *SUPERAntiSpyware*, then select the "quick scan" option, then start the scan.

Note: Don't use your computer while the scan is in progress.

As problems are found, it'll display a list and the number in each list.

When the scan is finished, select and remove EVERYTHING that was found.

Restart your computer, if prompted to, so the removal process can finish.

Start MBAM again, then go to Logs(tab).

Highlight the scan log entry, then click Open.

When the scan log appears in Notepad, copy-and-paste it here.

Start SAS again, then go to Preferences - Statistics/Logs(tab).

Highlight the scan log entry, then click View Log.

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

okay i scan my pc with the malware prog there wasnt any viruses or anything wrong this is what it displayed after the scan:
Malwarebytes' Anti-Malware 1.44
Database version: 3831
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

07.3.2010 &#1075;. 17:17:25
mbam-log-2010-03-07 (17-17-25).txt

Scan type: Quick Scan
Objects scanned: 110796
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


now ill scan with the other prog and give you a info about it too


----------



## flavallee (May 12, 2002)

I'm surprised that the MBAM scan log is clean. Let's see what the SAS scan log shows.

----------------------------------------------------------------

Let's see what's installed in that computer.

Start *HijackThis*, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click the "Save List" button.

Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

----------------------------------------------------------------

What is the brand name, model name, and model number of your computer?

I asked you earlier, but you didn't reply.

---------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

the SAS scanned 20 minutes...and found 7 viruses and i deleted them then i restarted my pc...
this is the Hijack file:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Athlon 64 Processor Driver
Audacity 1.2.6
Audacity 1.3.7 (Unicode)
Avira AntiVir Personal - Free Antivirus
BlueSoleil
BS.Player PRO
CD_DRV_81
FlexType 2K
Hamachi 1.0.1.5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
K-Lite Mega Codec Pack 4.1.7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office XP Professional
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.8)
Nero 6 Ultra Edition
NVIDIA Drivers
Paint.NET v3.5.2
PowerArchiver 2007
PowerDVD
Realtek AC'97 Audio
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
vloader 2.7
Winamp (remove only)
Windows Bulgarian Interface Pack



and how can i check brand name,model name, and model number thingy?


----------



## flavallee (May 12, 2002)

You advised that the SAS scan found "7 viruses" and you deleted them.

That's fine, but where's the SAS scan log that I asked for?

-----------------------------------------------------------------

*K-Lite Mega Codec Pack 4.1.7* is very outdated.

You can download version 5.7.0 from here.

Updating your video and audio codecs may resolve part of the problem.

------------------------------------------------------------------

What program do you use to watch movies?

The combination of *Windows Media Player 11* and the K-lite codec pack works well for me.

------------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

yea i know but the log for SAS didnt pop up like the malware prog so i dont know how to get the log and ok ill download those codecs


----------



## flavallee (May 12, 2002)

CreepyDog said:


> yea i know but the log for SAS didnt pop up like the malware prog so i dont know how to get the log


Per the instructions I gave you in post #14:

*Start SUPERAntiSpyware again, then go to Preferences - Statistics/Logs(tab).

Highlight the scan log entry, then click View Log.

When the scan log appears in Notepad, copy-and-paste it here.*

----------------------------------------------------------------

I'm going off-line for awhile and will get back to your thread later.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

oh yea sorry for my stupidity...heres the log file:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2010 at 05:42 PM

Application Version : 4.34.1000

Core Rules Database Version : 4648
Trace Rules Database Version: 2460

Scan type : Quick Scan
Total Scan Time : 00:20:24

Memory items scanned : 404
Memory threats detected : 0
Registry items scanned : 363
Registry threats detected : 0
File items scanned : 9519
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\userdfg\Cookies\[email protected][2].txt
C:\Documents and Settings\userdfg\Cookies\[email protected][2].txt
C:\Documents and Settings\userdfg\Cookies\[email protected][1].txt
C:\Documents and Settings\userdfg\Cookies\[email protected][2].txt
C:\Documents and Settings\userdfg\Cookies\[email protected][2].txt
C:\Documents and Settings\userdfg\Cookies\[email protected][1].txt

Trojan.Agent/Gen-HackPatch
D:\HACKS\HIDE_SECRET_FILES_3.0\HIDE SECRET FILES 3.0.PATCH\HIDE SECRET FILES 3.0-PATCH.EXE

and okay dude take your time 
PS: i gotta go here is like...22:00 and tomorow is school so night night ill see the thread tomorow if you posted something =]


----------



## flavallee (May 12, 2002)

If you trim down that startup load of its unnecessary running programs, you should gain some speed and performance. The only program that really needs to auto-load and run is Avira AntiVir. Some of the others don't need to auto-load and run at all, and some of the others can be manually started when needed.

And you're expecting too much of that computer with a low-end AMD Sempron processor and only 512 MB of RAM. Playing games and watching movies puts too much of a memory load and graphic load on it.

--------------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

but i never had that problem since 2005 :\


----------



## flavallee (May 12, 2002)

I don't know how long you've had *RegCure* or how many times you've used it, but it's possible that it's caused some damage to the operating system.

You should never ever use a registry cleaner/optimizer/booster/tuneup program. They do nothing to improve speed or performance. What they do is break certain programs and damage the operating system.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

i have RegCure from about a month maybe...and my crash problem is from a long time now


----------



## flavallee (May 12, 2002)

You still haven't advised me what program you use to watch movies.

Do you use a remote control unit with your computer to watch movies?

---------------------------------------------------------------

Go into Start - Run - MSCONFIG - OK - Startup(tab).

Remove the checkmark in all entries except for *avgnt*.

Click Apply - OK - Exit Without Restart.

Go into Start - Run - SERVICES.MSC - OK.

Double-click on *NVIDIA Display Driver Service* and *Cyberlink RichVideo Service*. You have to do one at a time.

Change "Startup Type" to Manual, then click Apply - OK.

Close the window, then restart your computer.

When the small System Configuration Utility window appears, put a checkmark in that window before you click OK.

--------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

i open my movies with BS player
and i did the thing you asked me to do


----------



## flavallee (May 12, 2002)

If you followed my instructions in post #26 to get the startup load trimmed down, I need to see a new HijackThis log.

----------------------------------------------------------------

I'm not familiar with *BS Player 2.51*, so I don't know how it compares with *Windows Media Player 11* with watching movies.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:43, on 08.3.2010 г.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.2.1.2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267204358640
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 3664 bytes


----------



## flavallee (May 12, 2002)

You didn't follow my instructions correctly.

Go back into Start - Run - MSCONFIG - OK - Startup(tab), then remove the checkmark in

*NvCplDaemon* or *NvCpl.dll,NvStartup*

Click Apply - OK, but don't restart yet!

Go back into Start - Run - SERVICES.MSC - OK, then change "Startup Type" in

*NVIDIA Display Driver Service*

from Automatic to Manual, then click Apply - OK.

Close the window, then restart your computer.

When the small SCU window appears, make sure to put a checkmark in it before you click OK.

Post a new HijackThis log here.

---------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

there isnt any *NvCplDaemon or **NvStartup*


----------



## flavallee (May 12, 2002)

Besides *avgnt* and *ctfmon*(which you want to leave checked), what other entries are still checked?

---------------------------------------------------------------

Make sure these 3 services are set on Manual and not on Automatic.

*BlueSoleil Hid Service - IVT Corporation

NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation

Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner *

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

here are screens of the system config. utility:
http://img411.imageshack.us/img411/1623/prob1.jpg
http://img517.imageshack.us/img517/3316/prob2t.jpg
and i did the manual thing


----------



## flavallee (May 12, 2002)

All you need to do is uncheck all entries, except for *avgnt* and *ctfmon*, then click Apply - OK - Restart.

I can't make it any simpler than that for you.

After you restart, those are the only 2 entries that should have a checkmark.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

how to check those entries?


----------



## flavallee (May 12, 2002)

CreepyDog said:


> how to check those entries?


Read the instructions in post #26.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

http://img72.imageshack.us/img72/1713/prob1m.jpg
http://img717.imageshack.us/img717/7497/prob2.jpg


----------



## CreepyDog (Mar 6, 2010)

i have another problem...my mouse doesnt move and in the taskbar(the blue bar that includes the start menu) in the right theres a device icon with a big ballon and it pop ups when i try to move the mouse it said:
One of the USB devices attached to this computer has malfunctioned, and Windows does not recognise it.


----------



## flavallee (May 12, 2002)

CreepyDog said:


> http://img72.imageshack.us/img72/1713/prob1m.jpg
> http://img717.imageshack.us/img717/7497/prob2.jpg


*NvCpl* is still checked. You need to uncheck it, then click Apply - OK - Exit Without Restart.

Next, you need to change *NVIDIA Display Driver Service* from automatic to manual, then click Apply - OK.

After you restart your computer, *NvCpl* should still be unchecked.

Follow the instructions in post #26 to make the changes.

---------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

everything done


----------



## flavallee (May 12, 2002)

Let's see a new HijackThis log.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Skype.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Winamp\winamp.exe
D:\Fighter Factory\ff32.exe
D:\TeamViewerPortable\TeamViewer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.2.1.2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "D:\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267204358640
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 3692 bytes


----------



## flavallee (May 12, 2002)

Your HijackThis log is incomplete and shows running processes in the D drive now. I have no idea what you're doing with that computer. We're beating a dead horse here and I'm wasting my time.

-----------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

i think my pc works fine now :O thank you so much ;-;


----------



## CreepyDog (Mar 6, 2010)

ahhh...my pc starting to crash again...my pc was good since the day you helped me flavale 
heres a hi jack file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:05, on 26.3.2010 г.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programs\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cigicigi.gen.tr/platform/radyo.php?y=radyoCGCGC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Programs\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267204358640
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - IVT Corporation - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 4977 bytes


----------



## flavallee (May 12, 2002)

Your computer is infected. Click "Report" and then request your thread be moved to the "Malware Removal & HijackThis Logs" section so a gold shield malware expert can assist you. There's nothing more that I can do for you.

----------------------------------------------------------------


----------



## CreepyDog (Mar 6, 2010)

okay hope someone helps me...now i m in safe mode :\


----------

