Tom's Hardware > Forum > Laptops & Notebooks > General Laptops & Notebooks > Laptop Problem HELP!! Emergency!

Laptop Problem HELP!! Emergency!

Forum Laptops & Notebooks : General Laptops & Notebooks - Laptop Problem HELP!! Emergency!

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
azndash   01-14-2009 at 05:00:34 PM

i don't know what happened with my laptop, i was surfing the net and all of a sudden i get a blue screen that says window has shut down to prevent malware or something and everytime i try to log back in, it does the same thing in a few minutes
this is my hijackthis log i really need help, i have an assignment due this friday and i can't get my laptop to work
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:51 AM, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] io&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] io&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] io&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] io&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTEMON.EXE] "C:\ProgramData\Application Data\svhost.exe" /h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/C [...] anager.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A7E78F-2F17-400E-9492-E77984354E09}: NameServer = 64.71.255.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A7E78F-2F17-400E-9492-E77984354E09}: NameServer = 64.71.255.198
O17 - HKLM\System\CS6\Services\Tcpip\..\{00A7E78F-2F17-400E-9492-E77984354E09}: NameServer = 64.71.255.198
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--
End of file - 6201 bytes

Add a reply
Sponsored Links
Register or log in to remove.
pondscum   01-14-2009 at 05:57:49 PM
- 0 +

What antivirus are you running? Does your computer shutdown after logging onto the net or irregardless of your connection?


Message edited by pondscum on 01-14-2009 at 05:59:32 PM
Reply to pondscum
azndash   01-14-2009 at 06:02:05 PM
- 0 +

i use avg
the computer doesn't shut down when i'm on safe mode
that's how i'm able to post
but every time i try to use system restore, it won't let me

Reply to azndash
pondscum   01-14-2009 at 06:27:53 PM
- 0 +

The free AVG? I'm not familiar enough with AVG in its various incarnations, so bear with me. Is there anyway you can do a virus scan to try and identify what malware you are dealing with?

Reply to pondscum
azndash   01-14-2009 at 06:51:12 PM
- 0 +

when i try to run avg during safe mode, it stops working half way so i can't identify it..
is there a program i can download and use during safe mode to get rid of the malware or identify it?
i just downloaded avira antivir, im not sure if it's good

Reply to azndash
pondscum   01-14-2009 at 07:06:46 PM
- 0 +

There are a number of antivirus titles you can download trials for. Im using NOD32 3.0 and it has a small footprint and would probably run in safe mode. Try http://www.eset.com

Reply to pondscum
azndash   01-14-2009 at 07:18:09 PM
- 0 +

i can't install the program in safe mode

Reply to azndash
pondscum   01-14-2009 at 07:25:09 PM
- 0 +

Do you have enough time online to do a virus scan via website before it goes wonky?

Reply to pondscum
azndash   01-14-2009 at 07:49:08 PM
- 0 +

btw, am i suppose to quarantine the detected files or delete them
what's the difference?
would they still harm me in any way if they are quarantined?

Reply to azndash
pondscum   01-14-2009 at 07:57:31 PM
- 0 +

most of the time they need to be cleaned/repaired via an antivirus program, it depends on what files are infected and what infected them

Reply to pondscum
azndash   01-14-2009 at 08:17:41 PM
- 0 +

okay i scanned it and put them in quarantine but when i go back to normal windows i still get the blue screen

Reply to azndash
pondscum   01-14-2009 at 09:00:59 PM
- 0 +

Most of the time damages require further repair. However, further repair is difficult without knowing what it was that infected your system. Did you get a report of what the scan found? Also, do you bluescreen immediately, after a few minutes of doing nothing, or when you get online via internet explorer?

Reply to pondscum
azndash   01-14-2009 at 09:26:30 PM
- 0 +

i get the blue screen after a while
im not sure if going online makes a difference since every time i log on, i go on the internet to try to fix this problem

Reply to azndash
azndash   01-14-2009 at 09:28:56 PM
- 0 +

it's viruses like these
'TR/Crypt.XPACK.Gen' [trojan]
TR/FwBypass.A.14' [trojan]

Reply to azndash
azndash   01-14-2009 at 09:30:10 PM
- 0 +

i'm not sure if these are it tho
seeing how i can't update my virus definition to the latest one
but these are the viruses that are detected

Reply to azndash
pondscum   01-15-2009 at 03:20:56 AM
- 0 +

First verify whether or not you bluescreen when not connected to the internet. If you dont bluescreen then Internet explorer is likely damaged.

1. If you dont bluescreen and you are running the free AVG, uninstall AVG and restart your computer. Then install NOD and connect to the internet only long enough to update the signatures. Disconnect from the internet and restart your computer and then run a full scan.

2. If you have paid for AVG and dont bluescreen, go online long enough to update your signatures, disconnect and restart your computer. Run a full scan, keep a copy of the scan log and contact their customer support for further help.


If you do bluescreen without being online and have a paid for version of AVG go ahead try to update your signatures and try a full scan. Even if the scan is unsuccessful, contact their customer service for further help.
If you've not paid for AVG and cant manage choice #1 things get complicated.

Reply to pondscum
Ask the community Add a reply
Tom's Hardware > Forum > Laptops & Notebooks > General Laptops & Notebooks > Laptop Problem HELP!! Emergency!
Go to:

There are 1264 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.630 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them