TechSpot

Winxp Problem

By winxphelp
Apr 1, 2005
  1. I have windows xp sp2, and this is my second time getting a error like this. It says """ The Instruction at "0x021d0065" referenced memory at "0x00000000". The memory could not be "written". Click ok to terminate or CANCEL to debug. I mean the top number always changed when i try to open a folder up, and that is any folder including My Computer.

    Here is my hijackfile HELP PLZ

    Logfile of HijackThis v1.99.1
    Scan saved at 4:38:05 PM, on 4/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Norton Personal Firewall\ISSVC.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Documents and Settings\erd\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {03988C07-315E-9CF4-3741-066EC5486C96} - D:\WINDOWS\system32\cryc.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [syssd32.exe] D:\WINDOWS\syssd32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\system32\apibu32.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\ISSVC.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  2. Justin

    Justin TS Rookie Posts: 942

    This could be bad memory. Download and install memtest86 (google for memtest86) to a floppy or CD, then use it to test your RAM.
     
  3. triplate

    triplate TS Rookie Posts: 134

    Start here....R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129 ....
     
  4. winxphelp

    winxphelp TS Rookie Topic Starter

    ok deleted those here is my new log file i still get the error

    Logfile of HijackThis v1.99.1
    Scan saved at 12:24:53 AM, on 4/2/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Norton Personal Firewall\ISSVC.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Avant Browser\avant.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\atlyo32.exe
    D:\WINDOWS\syssd32.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Documents and Settings\erd\Desktop\HijackThis.exe
    D:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: (no name) - {03988C07-315E-9CF4-3741-066EC5486C96} - D:\WINDOWS\system32\cryc.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [atlyo32.exe] D:\WINDOWS\atlyo32.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunOnce: [syssd32.exe] D:\WINDOWS\syssd32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\system32\apibu32.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\ISSVC.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
    syssd32.exe

    Next, run HijackThis on its own, place a tickmark in front of:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\xphpx.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {03988C07-315E-9CF4-3741-066EC5486C96} - D:\WINDOWS\system32\cryc.dll
    O4 - HKLM\..\RunOnce: [syssd32.exe] D:\WINDOWS\syssd32.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\system32\apibu32.exe (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

    Now click on 'Fix Checked'.
    When done, delete the highlighted bold files.
    Boot normal. When all OK, switch System Restore back on.

    The program 'syssd32.exe' could also have been the source of your crashes.
     
  6. winxphelp

    winxphelp TS Rookie Topic Starter

    This is my new hijack file

    Logfile of HijackThis v1.99.1
    Scan saved at 2:05:08 AM, on 4/2/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Norton Personal Firewall\ISSVC.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\Program Files\Avant Browser\avant.exe
    D:\Documents and Settings\erd\Desktop\HijackThis.exe

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Add to AD Black List - D:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - D:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Highlight - D:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - D:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - D:\Program Files\Avant Browser\Search.htm
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\system32\apibu32.exe (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\ISSVC.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    Everything seems to be working perfect now thanks alot guys. I will msg you if it happens again.I love you guys alot for this. I build websites so i had alot of info on my pc. THNX ALOT.
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You forgot one:
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - D:\WINDOWS\system32\apibu32.exe (file missing)
     
  8. winxphelp

    winxphelp TS Rookie Topic Starter

    ahh yea that one it won't let me get rid of it at all even in safe mode i don't know how im going to do it. Got any ideas???
     
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    When you fix a O23 entry Hijackthis will change the startup for this service to disabled, stop the service, and then ask the user to reboot. It will not delete the actual service from the registry or the file it points to. In order to delete the service you will need to know the service name. This name is the text between the parenthesis. If the display name is the same as the service name, then it will not list the service name.

    There are three methods you can use to delete the service key:

    1. Delete it using XP's SC command you would type the following from a command prompt:

    sc delete servicename

    To delete the service using a registry file you can use the following example:

    2. Use a registry file to delete a service. The below registry file is an example of how to remove Angelex.exe Bargain buddy variant:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISEXENG]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISEXEng]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISEXENG]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISEXEng]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ISEXENG]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ISEXEng]

    3. Use HijackThis to delete the service. You can click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens you should then enter the service name and press OK.


    Be careful when removing items listed in these keys as for the most part they are legitimate. When researching programs found in an O23 entry you can consult these searchable O23 Lists:

    http://www.antispyware.nextdesigns.net/023l.php

    http://www.fbeej.dk/O23s.htm

    As always Google is an excellent tool to determine if the file found in a O23 is valid.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...