City of Heroes: Live Forum Archive

Constant Client Crashing

dansul

By dansul,
Posted on: 2009-08-12 20:42 in ALL ACCESS Gameplay Technical Issues Bugs

 

Posted

Over the last day or two, I've been getting Client Crashing to the desktop.

Included is the CoH Helper & Hijack This reports...

HiJack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:30 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://boards.cityofheroes.com/forumdisplay.php?f=547
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evga.com/login.asp
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -

C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [AirPaceWifi] "C:\Program Files\abit\abit uGuru\AirPaceWifi.exe" -nogui
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: MSOFFICE.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -

http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -

http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 5664 bytes

CoH Helper:

---System information gathered by CoH Helper version 0.1.1.7---

DxDiag gathered at August 12, 2009 22:35 (-05:00)
Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.090206-1234)
System Manufacturer: Gigabyte Technology Co., Ltd.
System Model: EP45-DS3L
BIOS: Award Modular BIOS v6.00PG
Central Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz (2 CPUs)
Memory: 2046MB
.Net Memory Report: 1502MB out of 2046MB available
Page File: 3363MB (575MB currently in use)
C Drive: (MAXTOR STM3160812AS) 66224MB out of 76308MB (86%) free
D Drive: (MAXTOR STM3160812AS) 38188MB out of 57231MB (66%) free
S Drive: (Maxtor 7Y250M0) 190522MB out of 239366MB (79%) free
E Drive: (TSSTcorp CD/DVDW SH-S182M) zero-size drive
Windows directory location: C:\WINDOWS
DirectX: DirectX 9.0c (4.09.0000.0904)
DirectX Diag version: 5.03.2600.5512 (32-bit version)

Display Notes: No problems found.
Sound Notes: No problems found.
Input Notes: No problems found.

Monitor: Default Monitor
Monitor's Max Resolution: (blank)
Video Device Name: NVIDIA GeForce 9500 GT
Manufacturer / Chip: NVIDIA / GeForce 9500 GT
Video Memory: 1024.0 MB
Driver Version: 6.14.0011.9038
Driver Date: 7/14/2009 1:54:00 PM
Driver Language: English

Sound Device Description: Realtek HD Audio output
Driver File: RtkHDAud.sys
Driver Version: [color:yellow]5.10.0000.5653[/color]
Driver Date: [color:yellow]6/26/2008 10:24:56 PM[/color]


WMI Information
Motherboard Manufacturer: Gigabyte Technology Co., Ltd.
Motherboard Model: (empty)
Motherboard Product: EP45-DS3L
Motherboard Version: x.x
BIOS Manufacturer: Award Software International, Inc.
BIOS Name: Award Modular BIOS v6.00PG
BIOS Version: GBT - 42302e31
BIOS Release: 20080818000000.000000+000

Registry Information for Current User
Resolution: 1280x1024
3D Resolution: 1280x1024 (Not using renderscale)
Full Screen: Yes
Maximized: No
Screen Position: 0, 0
Refresh Rate: 60Hz
Vertical Sync Enabled: Yes

Physics Quality: Medium
Maximum Particles: 50000
Max Particle Fill? 10.000
Physics Card Enabled: No

Anti-aliasing: None
Anisotropic Filtering: 4x
Texture LOD Bias: Smooth
Water Effects: High Quality
Bloom: 1.000 (turned on)
Depth of Field Enabled: Yes
Desaturation Effects (Sepia) Enabled: Yes
Shader Detail: High

World Texture Level: Very High
Character Texture Level: Very High
World Detail Level (Vis_Scale): 1.000
Entity Detail Level: 1.000
Shadows Enabled: Yes
Gamma Correction: 1.000
Geometry Buffers (VBOs) Enabled: Yes
Suppression of Extra Player FX Enabled: No
Suppression of FX When Camera Close Enabled: No
Close Suppression Range: 3.000
Show Advertisements: Yes

Audio Mode: Performance
3D Audio: Yes
FX Sound Volume: 0.103
Music Sound Volume: 0.103

Show Advanced Graphics Options: No
Overall Graphics Quality: 0.600
Reverse Mouse Buttons: No
Save Login Username: Yes
Transfer Rate: 38686 bytes/second
Current Game Version: 19.20090716.3T
Installation Directory: D:\City of Heroes

Mod files in the Data directory
No modifications found

Thank you for the time...

@Travlr (Main) / @Tymers Realm (Test)

Arc 5299: Magic, Mystery, and Mayhem Updated!! 09/15/09

 

Posted

Quote:
Originally Posted by Tymers_Realm View Post

O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
You are infected. That is the host for the Spyware Protect 2009 malware/hijacker. It causes serious system perfomance issues, and will get worse the longer it is allowed to stay on your computer. Download Malwarebytes Anti-Malware and install it. Update it and then run a scan. Let it remove anything it finds.

When it finishes, re-run HijackThis and post a new log from it. A new CoH Helper log is not needed.

If the game spit out 20 dollar bills people would complain that they weren't sequentially numbered. If they were sequentially numbered people would complain that they weren't random enough.

Black Pebble is my new hero.

 

Posted

If Malwarebytes doesn't find anything I recommend The Cleaner from http://www.moosoft.com with the same instructions.

 

Posted

Quote:
Originally Posted by dansul View Post
If Malwarebytes doesn't find anything I recommend The Cleaner from http://www.moosoft.com with the same instructions.
I've removed this one with Malwarebytes often enough to know it will get rid of it. I haven't run across any of the variants of that particular piece of malware that Malwarebytes doesn't remove as long as you update it first to get the latest definitions/detections/removals.

If the game spit out 20 dollar bills people would complain that they weren't sequentially numbered. If they were sequentially numbered people would complain that they weren't random enough.

Black Pebble is my new hero.

 

Posted

Quote:
Originally Posted by Texas_Justice View Post
You are infected. That is the host for the Spyware Protect 2009 malware/hijacker. It causes serious system perfomance issues, and will get worse the longer it is allowed to stay on your computer. Download Malwarebytes Anti-Malware and install it. Update it and then run a scan. Let it remove anything it finds.

When it finishes, re-run HijackThis and post a new log from it. A new CoH Helper log is not needed.

I did as you suggested. I got the free version of the software (I am not in a position to purchase any full-featured products right now).

It did find 4 trojans and took care of them. Upon running another Hijack, the hosts listed in your quote are still showing up.

But just to make sure...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:24 AM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://boards.cityofheroes.com/forumdisplay.php?f=547
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evga.com/login.asp
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [AirPaceWifi] "C:\Program Files\abit\abit uGuru\AirPaceWifi.exe" -nogui
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MSOFFICE.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 5691 bytes


Thank you for the time...

@Travlr (Main) / @Tymers Realm (Test)

Arc 5299: Magic, Mystery, and Mayhem Updated!! 09/15/09