| Thread ID: 96777 | 2009-01-22 07:54:00 | odd computer behaviour, with hijackthis log, please help | powerover (12121) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 741099 | 2009-01-22 07:54:00 | About a few days ago my lappy started behaving oddly.
1. Any online video only plays the first two seconds, then it gets stuck there. (fixed by uninstalling and reinstalling Firefox)
2. No sound comes out of any online video. (fixed by uninstalling and reinstalling Firefox)
3. Any website I visit (including pressf1) will have new windows popping up annoying advertisements. I added the pop-up website to the pop-up blacklist of Firefox, no help. (yet to be fixed)
4. Spybot won't update. I uninstalled it and now I can't reinstall it, it said that "error sending request, the server name or address could not be resolved." (yet to be fixed)
5. I downloaded Malwarebytes, it installed successfully, did a scan, about a quarter of the way through it stopped, said there is some kind of error, then I clicked OK and it kept scanning again. About halfway through it found 2 infected files or something like that, and then the next thing I know the BLUE SCREEN OF DEATH popped up...what the hell??? (yet to be fixed)
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:59 p.m., on 22/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\sttray.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\altium\DXP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{05C5BB88-8180-4B20-ACEC-5B87FC24E3AF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{06634B94-7DE7-47CC-A306-5EA6DF5BEE93}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7353F784-063F-48F6-9357-3BADB534E5DE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{05C5BB88-8180-4B20-ACEC-5B87FC24E3AF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{05C5BB88-8180-4B20-ACEC-5B87FC24E3AF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
-- End of file - 5916 bytes
Would anyone please tell me what is going on? I am using Windows Vista Business.
Thanks for the help in advance, cheers. |
powerover (12121) | ||
| 741100 | 2009-01-22 08:09:00 | Uninstall Java, it's out of date, then update it. Disable Windows Defender. Uninstall AVG then update it / use another AV program. What did the error say in Malwarebytes? Be specific. WHAT does the BSOD say?? WHEN exactly does it crash?? While you're updating or anytime? If anytime, WHAT are you doing at the time? |
Speedy Gonzales (78) | ||
| 741101 | 2009-01-22 08:11:00 | Nothing bad in the log....maybe this virus is in real deep?... | Blam (54) | ||
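Added example (not part of the thread, and not code from HijackThis or Trend Micro): it splits a flattened HijackThis log like the one in the first post back into entries by section code and lists two things a reviewer usually reads first, the DNS servers set in O17 entries and O23 services reported with "Unknown owner". The function name `triage` and the output keys are assumptions; a listed item is a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of entries copied from the log in the first post, joined onto one
# line the way the forum rendered it.
SAMPLE = " ".join([
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222",
    r"O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe",
    r"O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe",
    "-- End of file",
])

# An entry starts with a section code ("O2 - ") and runs until the next
# section code, the end-of-file marker, or the end of the text.
ENTRY = re.compile(
    r"\b(O\d{1,2}) - (.*?)(?=\s+O\d{1,2} - |\s+-- End of file|\s*$)", re.S)

def triage(text):
    """Group entries by section code and collect items for manual review."""
    sections = defaultdict(list)
    for code, body in ENTRY.findall(text):
        sections[code].append(body.strip())

    # O17: every DNS server configured on any interface or control set.
    nameservers = set()
    for body in sections.get("O17", []):
        m = re.search(r"NameServer = (\S+)", body)
        if m:
            nameservers.update(m.group(1).split(","))

    # O23: "Service: <name> - <vendor> - <path>"; collect names whose vendor
    # field is reported as "Unknown owner".
    unknown = []
    for body in sections.get("O23", []):
        parts = body.partition("Service: ")[2].split(" - ")
        if len(parts) >= 3 and parts[1] == "Unknown owner":
            unknown.append(parts[0])

    return {"counts": {c: len(v) for c, v in sections.items()},
            "nameservers": sorted(nameservers),
            "unknown_owner_services": unknown}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```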
| 741102 | 2009-01-22 08:24:00 | Get Trojan Remover below, update it, then scan. Then select all options under Utilities. | Speedy Gonzales (78) | ||
| 741103 | 2009-01-22 08:48:00 | Thanks for the help! For Speedy's information: Malwarebytes was scanning the computer when the blue screen of death happened. Shortly before that the error popped up; I can't really remember what it said, but it had an error code like 667, or 776, or something like that (only 3 digits and only containing the numbers 6 and 7). What does BSOD mean? Once again thanks for the help, keep it up guys! Cheers :thumbs: |
powerover (12121) | ||
| 741104 | 2009-01-22 08:50:00 | [edit: removing suspect link] is one of the pop-up ads, it popped up right after I posted the reply...... |
powerover (12121) | ||
| 741105 | 2009-01-22 08:50:00 | BSOD - Blue screen of death. What did it say on the BSOD? |
Blam (54) | ||
| 741106 | 2009-01-22 19:11:00 | Oh, thanks blam6. It appeared only for a few seconds then it rebooted, but what I saw was that it said it has some kind of hardware problem. For Speedy's information: Trojan Remover did find something, one of them is within Firefox. It found about 10 baddies in total. It required a reboot; after that I tried to install Spybot again, and this time it installed, but right after that this appeared: unable to execute file C:\***\***\***\spybotSD.exe create process failed, code 740. the requested operation requires elevation. I clicked close, then double-clicked on the icon on the desktop but it launched the program successfully. Should I do any more HijackThis logs? Or anything else I should do? By the way, how do I delete or update Java? Thanks for the help guys. :thumbs: |
powerover (12121) | ||
| 741107 | 2009-01-22 19:24:00 | "unable to execute file C:\***\***\***\spybotSD.exe create process failed, code 740. the requested operation requires elevation." It's the way you installed it, by the sounds of it. According to this (forums.spybot.info). "by the way how do i delete or update Java?" Uninstall it in Add/Remove Programs. Or get CCleaner (www.ccleaner.com) and uninstall it. The link for Java is below. Is it running better than before now?? If Trojan Remover removed some things? |
Speedy Gonzales (78) | ||
| 741108 | 2009-01-22 21:43:00 | Done, thanks for the help guys. :D | powerover (12121) | ||