| Thread ID: 89897 | 2008-05-15 11:46:00 | "HijackThis" logfile | smudge (13752) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 669774 | 2008-05-15 11:46:00 | Hi all, I'm a newbie here but have been referred to post on here as I heard you people are really good with this kind of stuff. My laptop has been randomly shutting itself down, it's only a couple of months old. I have avast and comodo firewall and run virus scans but it shows it's clean, something definitely isn't right though!! Here's a logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:17 p.m., on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Comodo\CBOClean\BOC425.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSGTAG\MSGTAG.exe
C:\Users\Owner\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Owner\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Serif\photop60\Program\PhotoPlus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YouTube Uploader.lnk = C:\Users\Owner\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PremierOpinion - PremierOpinion - C:\Windows\system32\pmservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 9601 bytes
Oh and when the computer shut itself down, when I turned it back on, it said this;
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 5129
Additional information about the problem:
BCCode: 19
BCP1: 00000020
BCP2: 8433C000
BCP3: 8433CA00
BCP4: 09400000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\Mini051508-03.dmp
C:\Users\Owner\AppData\Local\Temp\WER-378583-0.sysdata.xml
C:\Users\Owner\AppData\Local\Temp\WER953C.tmp.version.txt
I don't like the sound of "Bluescreen"!! Not sure what it means though. Thanks in advance to anyone who can help me out. |
smudge (13752) | ||
| 669775 | 2008-05-15 19:43:00 | O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll This could probably go but wait for Speedy G to come online and check the log for you as he is really good with these. |
gary67 (56) | ||
| 669776 | 2008-05-15 21:33:00 | When does it crash/reboot?? Anytime?? When you're using a certain program? Tick these then tick fix checked. Close browsers.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
Uninstall all versions of Sun Java, yours is out of date. Link is in my sig below. What's flockbox do?? |
Speedy Gonzales (78) | ||
| 669777 | 2008-05-15 23:27:00 | The first time it shut down, I had just opened firefox and all of a sudden it shut down, I had plugged headphones in at the same time so I thought that had something to do with it, or maybe the computer installed updates and the computer restarted automatically. The second time it did it, I had just opened up 'my documents' and it had shut down again, it seemed as soon as I did something, it would shut down. Sometimes it would be on for about 20 minutes, I could be doing anything and it would shut down again. Lock Box is safe, I have more than one person who uses this computer and to prevent things from being deleted I put them into a folder and lock it, it puts a password on the folder so nobody can access or delete that folder without the required password. I went to Java website and it says; "Congratulations! You have the recommended Java installed (Version 6 Update 5). If you want to download Java for another computer or Operating System, see all Java downloads here. " |
smudge (13752) | ||
| 669778 | 2008-05-15 23:36:00 | Sun Java is up to 6 update 6. It's here (java.sun.com) under Java Runtime Environment (JRE) 6 Update 6. It looks like a file may be corrupt, if it crashed when u opened my documents. You didn't download any driver updates from the Windowsupdate site (and install them) did you?? The drivers here are totally useless, and should NEVER be installed. |
Speedy Gonzales (78) | ||
| 669779 | 2008-05-15 23:44:00 | Nope I didn't download anything at all. But the thing is, even when I didn't open 'my documents' it still crashed.. like if I opened firefox, or if I opened another program. Someone on my msn list has one of those viruses they keep trying to send me, I didn't accept it but not sure if it's anything to do with that or not. I'm uninstalling java now and downloading the new one. Thanks |
smudge (13752) | ||
| 669780 | 2008-05-15 23:57:00 | Uninstall flockbox for now, then see if it keeps crashing. Since it's only a few mths old, if it keeps crashing take it back to where u got it from. |
Speedy Gonzales (78) | ||
| 669781 | 2008-05-16 01:00:00 | You should be able to fix this problem by stopping the sharing service. Go to Start -> Run -> and type services.msc and OK. Then go to Messenger Sharing Folders USN Journal Reader service. Click on properties and disable it. |
Pancake (6359) | ||