# Windows shuts down with blue screen, allows pop-ups, and installs programs



## dragonweilder (Jul 21, 2005)

My computer is shutting down with a loggon error, pop-ups are showing up on my computer, and WinFixer 2005 will install itself after I've uninstalled it everytime I restart my computer. Please help me if you can, thank you.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 2:54:18 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\WinFixer 2005\wfx5.exe
C:\PROGRA~1\ZipNAll\ZipNAll.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faytechcc.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faytechcc.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.faytechcc.edu"); (C:\Documents and Settings\computer labs\Application Data\Mozilla\Profiles\default\3bpqdzxc.slt\prefs.js)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll (file missing)
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\notify.exe
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121968664634
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\wlreg.dll
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINDOWS\System32\NALNTSRV.EXE
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe


End of KRC HijackThis Analyzer Log.
====================================================================


----------



## Real_Bullet (May 2, 2005)

solution for that winfixer 2005 is go to registry by typing regedit in run.

use the find feature and delete it out of there.

also download ad-aware at www.downloads.com


----------



## Ambrocious (Jul 23, 2005)

Here are some simple solutions to what sounds like a bad problem.


(SpywareBlaster)
http://www.download.com/SpywareBlaster/3000-8022_4-10396039.html?tag=lst-0-1

(Spybot Search & Destroy)
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1


(( Webroot Spy Sweeper


http://anonym.to/?http://sales.webroot.com/downloads/registered/links/sspsetup1_95879358.exe 

& http://nsane.php5.sk/dm-ssf18.rar ))


(Ad-Aware SE Professional)
http://anonym.to/?http://www.lavasoft.de/auth/pjJacqRXrkUs/bUacgQXUfZUS/aawsepro.exe

(Microsoft Anti-Spyware BETA 1)
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA967

1&displaylang=en

(NoAdWare 3.0)
http://f2.grp.yahoofs.com/v1/sMnZQo...2B Keygen.zip


(For Computer CleanUp!)
(CleanUp! 4.0)
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe


----------

