# WoW closes itself without any error message



## Cadaverine (May 17, 2009)

Greetings everyone,

I would like to describe a problem that has been happenning to my world of warcraft since a certain windows reinstallation. I have tried everything, even technical support, but nothing worked. The problem would be: i play for example for ten minutes and suddenly the game closes itself without any error message or something like that. it might happen at any time, for example at the time when i just right-click on WoW's icon, or while loading the loading screen, even when WoW is minimized to the taskbar etc. it is very weird... it has never happened before, although i've been playing WoW on this machine for approximately a year. As i couldn't do anything, i reinstalled windows for several times, but it hasn't solved the problem. Then something came to my mind: it is quite likely that some kind of windows service doesn't like WoW running, so i disabled all windows services in msconfig. at this point i thought i had solved the problem; the game ran normally for a few days, but things are not so easy and the problem turned up again. I reinstalled the system again and disabled all windows services but WoW closed itself in the same way. After this i downloaded a programme named Error Repair Professional and eliminated all errors in my system and it seemed to be working again. WoW ran without being closed for a few days, but you can find out what has happened... yes, WoW closes itself again.... i have checked my computer with eset smart security (nod32), ad-aware, spybot and no malware objects were found, i checked my HDD for bad sectors, but everything works properly, i even disabled Data Execution Prevention but no results. In my opinion, it cannot be a hardware problem because those two things mentioned above worked for a while and other games run perfectly and as i've written above, it ONLY happens to WoW even when minimized to the taskbar. And i noticed something when WoW closes. When this happens, i firmly feel that my cursor speed has slowed down. and yes, when i check mouse cursor speed in control panel, i see that it is back to default... so i set it back to maximum speed, run wow, wow closes and my cursor's speed is back to default again.... and it is also quite interesting that my system restore points just disappear for no reason, and after a system restart, windows couldn't load Luna Element black desktop theme. so i don't know what's going on, but i enclose a Hijack This log just in case someone finds something unordinary thing in it:

P.S.: all my drivers are up-to-date.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:34, on 2009.05.17.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241878219140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B90248-C91B-464C-9998-597854DC6CAF}: NameServer = 82.44.0.1,192.168.0.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsKill (PSKLLSVC) - Unknown owner - C:\WINDOWS\PSKLLSVC.EXE


----------



## Changster (May 16, 2009)

try compatiblity mode yet?


----------



## Cadaverine (May 17, 2009)

yes, i did, but didn't work.


----------



## RogueSpear00 (Jan 18, 2008)

I'm betting bad memory or bad vid card (or vid memory) bad HDD or ESET is causing an issue. The problem doesn't seem software related if you did a proper reinstall. If you have a problem, reinstall the OS, and the problem still occurs then more than likely the problem isn't software related.

Run memtest on the machine for 1-2 passes. Test your memory - go to http://www.memtest.org/ and download the bootable cd rom. Burn it using the instructions, boot to the CD and let it run.

You said that you reinstalled Windows then the problem still was occuring - was ESET installed at the time? I would try a fresh reinstall with just Windows, and install WoW - run it and see if the problem occurs. Install each of your other apps to see which one is causing an issue - if at all.

What did you use to test your HDD? Need to use a reputable 3rd party software to do a HDD test, not the ones that are included with Windows.


----------



## Cadaverine (May 17, 2009)

I will try your suggestions but i forgot to tell something. memory issue can't cause the problem (IMO), because i had just bought a new memory card when the the problem turned up and WoW closed with both old and new mem cards. nevertheless, i'll try memtest, of course. As for my HDD, i tested it with i dont know what the name of the software is, but it was recommanded by many sites, so i tried it, but it didn't find any bad sectors. but if it comes to my mind, i will write it of course. i don't know if ESET might cause the problem, because when i was searching for the issue in my system, i shut it down and the problem still occured. in spite of this it might cause a problem i don't know. and i would have a question concerning my video card. can video card issue cause the problem when WoW is minimized to the taskbar using approximately 7 megabites from the memory and very minimal system resource? because if i know well, WoW doesn't use video card at this time, but i may be wrong. i mentioned in my first post that only WoW closes (also in the case described in the previous sentences), other games run properly even the ones that need more system resource. So can it be still caused by a video card issue? If so, video card and ESET remains. And one more question  don't you find it interesting that when WoW closes my mouse cursor speed is set back to default in windows? it occurs every time when WoW closes itself. it 's very odd.

EDIT: i eliminated all errors in my system with Error Repair Professional two days ago again and today i ran WoW again and it didn't close itself for i don't know how much time! i didn't waited for it to close (maybe it would be running up to now if i hadn't had to leave the computer). so what is going on here is very strange... and anno, when i tried unchecking all windows services, it worked in such a way that when i unchecked them all, WoW worked properly after a system restart. but when i checked them all and restarted the computer like this, WoW closed itself again. After this i unchecked the services again, and WoW worked normally again.


----------



## ketsueki13 (Jun 13, 2004)

Most people on this board do not support "Registry Cleaners" (Error Repair Professional), since they often cause more problems than they fx.
If WoW is crashing, the Error Report should come up.
If it isn't, there's a decent likelyhood a damaged install or update. This can happen for various reasons. Have you tried to run the Repair? (This can be found in your WoW folder)
I don't know what a great idea it is to run Windows with all the Windows services disabled either. I don't usually recommend messing with services as it can mess a lot up. Though, maybe someone else can comment on this.


----------



## Cadaverine (May 17, 2009)

That's right registry cleaners cause more problems... i'm experiencing it... i think i'll make a new windows reinstallation, but i have a feeling that it won't solve the problem, either.
There is no error log when WoW closes. it is as if i used alt+f4 buttons to close it, but i don't do anything. And when WoW closes, it does so very fast. When WoW worked properly, i needed to wait at least 5 seconds after i pushed the exit button to close the game and now it immediately dissappears. anyway, i thoroughly investigated this whole thing. these "crashes" aren't caused by damaged installation or patching. i tried patching back the game and the problem still persisted. and the damaged installation isn't right as well because if a file were to be corrupted for example, the installer woudn't let the installation continue and if the installer weren't to install several files, consequently, the game woudn't start. but WoW starts, and i can play for some minutes, but it closes itself without any prior sign... no error message or log... as if i closed it, but i don't do anything. something commands WoW to close, but i don't know what, no malware software found on my machine. and i tried two wow installers, and it didn't matter which i installed, the problem persisted. From this point, i am suspicious of my HDD. Because this problem turned up after a reinstallation which is always preceded by a HDD-format. i have a feeling that my windows installation cd blew up something in my HDD, and if i remember well, it formatted my pendrive too, but it was my fault. it's absolutely obvious that video card issue can't cause this in this case, because other games haven't any problem like this, and WoW closes when minimized to taskbar using 7 megabites memory and not using video card, too. Maybe i'll try two different partitions during the next reinstallation, but maybe it isn't a HDD problem, because i didn't find any bad sectors (i used both CHKDSK and another program, and they showed no problems but i'll check it with Partition Magic, too). what problems may a HDD have except for bad sectors?

"Have you tried to run the Repair?" yes i tried, but no problems found

And what do you mean by "various reasons"?

And don't anyone know why my cursor speed in windows is set back to default when WoW vanishes? because if it has an explanation, the problem may be solved


----------



## ketsueki13 (Jun 13, 2004)

A damaged install or update can happen by a program interrupting either an install or update, an update not downloading properly, a mod, Windows issues, and many other things.
As far as your mouse goes, this isn't an issue, but on purpose:


> Starting with 2.0.1 the mouse sensitivity controls in-game change your system mouse sensitivity.


If you can't get it set in game where you like it, it can be disabled, but I recommend attempting to set it in game first.
What mods, if any do you use?


----------



## Cadaverine (May 17, 2009)

Thanks for you reply. You mean addons by mods, don't you? I use for example atlasloot, bagnon, groupcalendar, cooldowncount, proximo, deadly boss mods, x-perl, and i think that's all. but these addons don't cause the problem, i shut them down, and the "crashes" persisted.

anyway, where can i disable this mouse thing?


----------



## ketsueki13 (Jun 13, 2004)

You can disable the mouse behavior by adding this line to your config.wtf:
SET useDesktopMouseSpeed "1"

Thank you for the information on your mods. I'm just trying to narrow things down a bit.
Have you gone to the Event Viewer to see if anything is in there around the time it happens?


----------



## Cadaverine (May 17, 2009)

Yes, i have, but i found nothing  maybe my windows installation cd went wrong or i don't know. my mem cards, video card, and hdd work properly. i can't think of another thing. maybe my motherboard is wrong, but if so, i think the whole machine woudn't start in this case...


----------



## ketsueki13 (Jun 13, 2004)

Check for any driver updates?
Check your device manager for any errors?
Other than that, I have to admit, I'm completely out of ideas at the this point. I'll keep looking, but I'm hoping someone will have some further ideas.


----------



## Cadaverine (May 17, 2009)

drivers are all up-to-date and WoW used to work with obselete drivers.
now i've checked device manager and have found something. Below the System Devices, some of the devices hasn't any drivers installed, for example DMA-controller, motherboard resource etc. i don't know if they had any formerly, because i didn't checked them at that time. would you be so kind as to check it for me if these devices have drivers installed in your system? Please

EDIT: i added "SET useDesktopMouseSpeed "1"" to config.wtf and mouse speed in windows is still set back to default when WoW closes and only when WoW closes, it isn't set back while WoW is running (i changed figure 1 to 0 as well, but the same here). And you needn't check if those devices mentioned above have any drivers installed, because i checked them on my bro's machine and they didn't have, so that's not the problem.


----------



## ketsueki13 (Jun 13, 2004)

Unless there's an exclamation mark next to it, there's no problem with it. My DMA-controller has no driver.
If you actually close WoW rather than having it crash, does it reset the setting, too?
Like I recommended before, try setting the sensitivity in WoW without that line in your config.
If that doesn't work, make sure you're typing it right.
It should be
SET useDesktopMouseSpeed "1"
with no quotes other than where I've put them.


----------



## Cadaverine (May 17, 2009)

yeah i did, and mouse sensitivity didn't reset in windows


----------



## Super-D-38 (Apr 25, 2002)

You said you could disable services and get WoW to work?
Have you tried one at a time to see what causes it?

Found this little program, http://www.wowinterface.com/downloads/info6663-WoWLoader.html.
It's call WoW Loader. I have never used it nor do I know how safe it is, but from the description it may help you narrow down what service could be causing your crash.
Looks easier then going into admin tools everytime.


----------



## Cadaverine (May 17, 2009)

yes, this method worked for a time, but now it doesn't. bt thanks for your help.


----------



## Cadaverine (May 17, 2009)

i seem to have found the solution. i'll write how i found he problem:
When WoW closed on its own, there was no error message and this problem occured with WoW only so these crashes couldn't be caused by a hardware issue so it was obvious that it was software related. I checked my computer with several anti-viruses, anti-spywares but as i had expected they found no malware software. my last hope was the program named Hijack This. I did a test with it and in the log file i found something interesting. it was a windows service named PSKILL.exe. Then i made a research on what it might be and i found out that it could be used to kill processes by one click. i tried it out and found a connection between the crashes and pskill.exe. when WoW closed itself, every single change i made playing lost when i launched the game again and when i killed WoW with pskill.exe the same thing happened: all my changes was lost. so i thought that it might be a process killer that closed WoW. To avoid WoW closing itself, i renamed WoW.exe and it works!!


----------



## ketsueki13 (Jun 13, 2004)

I would be worried abour your account security (among other things), if you truely suspect WoW was being closed by the process killer. I still don't see anything in your log that looked too out of place, but if you honestly think this was your problem, I would recommend get someone in the HJT log section to look at your computer.
Probably best to simply report the thread in that case.


----------



## Chrismichael (Jul 27, 2008)

Just FYI since patch 3.1 playing WOW in windowed mode will at times make the program non-responsive and crash without a error message. This seems to only happen in Vista


----------



## Cadaverine (May 17, 2009)

The problem has occured again with a new thing. What i experienced is that all my Windows Explorer windows close the Title Bar of which contains "World of Warcraft" (of course WoW closes again as well). My Windows Explorer closes a few minutes after when in World of Warcraft folder. I created on my Desktop a folder namely World of Warcraft too, i click on it and a few seconds later it closes without any prior sign just as it did with my real game folder. and i tell you that only in these cases does it happen because when i'm in another folder with Windows Explorer, nothing happens. Now it is quite clear that it is NOT a hardware related problem. I have just finished with scanning my computer and my Ad-Aware has found something suspicious. There is a picture about it at the and of this post. and here is a HiJackThis log:

EDIT: If there is another word beside "World of Warcraft", for example "World of Warcraft Trial" windows doesn't close themselves.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:20, on 2009.06.08.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7718ED91-6A81-43FC-BFE5-6A5EE4262553}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5108 bytes


----------



## Super-D-38 (Apr 25, 2002)

I don't know enough to say for sure, however I have a suspicion of "ctfmon.exe"
I was skimming through posts here; http://www.neuber.com/taskmanager/process/ctfmon.exe.html 
It seems you can close it but it will reappear, may be an issue, and its a monitor of sorts. 
With all the claims, it's hard to say if that would cause WoW to crash, but if I was trouble shooting I would probably try disabling that one.
However, if you use office and different languages, I read that stopping it can cause you to lose your language bar. Getting it back may be tough.

Many say safe keep it, some say CPU hog.... 
Just my prime suspect.  and another $.02 of advice.

And an odd line for an expert to check would be. 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
No name, no file? Is that safe?


----------



## Cadaverine (May 17, 2009)

i don't think ctfmon.exe would cause the problem. this process ran on my old systems and didn't make any harm. 

EDIT: my system restore points disappear and processes run in the backround that didn't before. and when i search for them with windows search tool it doesn't find anything and when i check these process in task manager again, they are not there already... i am suspicious of a trojan using taskkill.exe. it is quite sure that this trojan installed netchk.exe on my system, too... i managed to create a screenshot about this exe and you can see that it is also a process killer, but it is specified for WoW only. there is a picture about it at the and of this post. if it is a spyware - it is quite sure that it is - why don't my anti-viruses and anti-spywares find anything? (only an unknown one has found something: True Sword. i don't consider it to be reliable, so i haven't deleted anything with it yet) HDD formatting doesn't delete it, it cannot be a memory virus, because i have bought a new mem card recently and the problem still occurs. is it a boot virus or what? i am fed up with the fact that whatever i do, they work for a few days or weeks and the problem occurs again


----------



## ketsueki13 (Jun 13, 2004)

5C255C8A-E604-49b4-9D64-90988571CECB is part of Windows Live Messenger and should not cause a problem.
ctfmon is part of Microsoft Office and the Language Bar and should not be removed.
What is causing you to single out these files? They don't appear to be running in the HJT logs.
netchk is installed alongside some games. WoW is not one of them. The most common mention is a game called Falcon 4.
True Sword's trial version will report numerous false positives.
Let's try this. Can you run HJT and create a log while WoW is running?


----------



## Cadaverine (May 17, 2009)

Here you are. And as i said one new thing happens as well. When i enter World of Warcraft folder with Windows Explorer it will also close after a while... i create another World of Warcraft folder on Desktop, i open it and the same happens it doesn't occur when there are other words beside world of warcraft in the title bar... it seems that it doesn't matter which World of Warcraft folder i am in; in an empty or in the game folder, it will close in both cases. something doesn't really want me to play this game any more 
As for netchk.exe why was it on my machine if i never installed Falcon 4 and why did it want to kill WoW when i started it? it couldn't kill it because i renamed WoW about one and the half weeks ago to make WoW run normally. it worked, but now no matter how many times i rename it i'll close and why was pskill.exe on my machine if i never downloaded it when i really didn't downloaded it? And you can see in the picture that this netchk.exe has some connection with tcpmgr.exe. i found nothing about this tcpmgr file while googling, so what is it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:40, on 2009.06.08.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7718ED91-6A81-43FC-BFE5-6A5EE4262553}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 5730 bytes


----------



## Super-D-38 (Apr 25, 2002)

ketsueki13 said:


> 5C255C8A-E604-49b4-9D64-90988571CECB is part of Windows Live Messenger and should not cause a problem.
> ctfmon is part of Microsoft Office and the Language Bar and should not be removed.
> What is causing you to single out these files? They don't appear to be running in the HJT logs.


I picked out ctfmon only after looking at the other reports of what it is, and has been reported to do. 
In his HJT logs ctfmon.exe is running. Though I have yet to find an example of this program auto closing anything and many people have it running. Was only a guess. 

And I just googled O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) The results that come up have other people deleting this entry. Need an expert to verify that though. Just odd having no name and such.

*Edit*: Also found some steps to remove pskill if your so inclined to try them. 
http://www.spywareremove.com/removepskillexe.html
(Dont get the programs they recommend, as you never know how safe they are.)

I'm wondering if you should have this moved to security forum. See what they have to say.


----------

