Sign in with
Sign up | Sign in
Your question

Laptop Problem HELP!! Emergency!

Last response: in Laptops & Notebooks
Share
January 14, 2009 2:00:34 PM

i don't know what happened with my laptop, i was surfing the net and all of a sudden i get a blue screen that says window has shut down to prevent malware or something and everytime i try to log back in, it does the same thing in a few minutes
this is my hijackthis log i really need help, i have an assignment due this friday and i can't get my laptop to work
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:51 AM, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTEMON.EXE] "C:\ProgramData\Application Data\svhost.exe" /h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISData...
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A7E78F-2F17-400E-9492-E77984354E09}: NameServer = 64.71.255.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A7E78F-2F17-400E-9492-E77984354E09}: NameServer = 64.71.255.198
O17 - HKLM\System\CS6\Services\Tcpip\..\{00A7E78F-2F17-400E-9492-E77984354E09}: NameServer = 64.71.255.198
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--
End of file - 6201 bytes
January 14, 2009 2:57:49 PM

What antivirus are you running? Does your computer shutdown after logging onto the net or irregardless of your connection?
January 14, 2009 3:02:05 PM

i use avg
the computer doesn't shut down when i'm on safe mode
that's how i'm able to post
but every time i try to use system restore, it won't let me
Related resources
January 14, 2009 3:27:53 PM

The free AVG? I'm not familiar enough with AVG in its various incarnations, so bear with me. Is there anyway you can do a virus scan to try and identify what malware you are dealing with?
January 14, 2009 3:51:12 PM

when i try to run avg during safe mode, it stops working half way so i can't identify it..
is there a program i can download and use during safe mode to get rid of the malware or identify it?
i just downloaded avira antivir, im not sure if it's good
January 14, 2009 4:06:46 PM

There are a number of antivirus titles you can download trials for. Im using NOD32 3.0 and it has a small footprint and would probably run in safe mode. Try http://www.eset.com
January 14, 2009 4:18:09 PM

i can't install the program in safe mode
January 14, 2009 4:25:09 PM

Do you have enough time online to do a virus scan via website before it goes wonky?
January 14, 2009 4:49:08 PM

btw, am i suppose to quarantine the detected files or delete them
what's the difference?
would they still harm me in any way if they are quarantined?
January 14, 2009 4:57:31 PM

most of the time they need to be cleaned/repaired via an antivirus program, it depends on what files are infected and what infected them
January 14, 2009 5:17:41 PM

okay i scanned it and put them in quarantine but when i go back to normal windows i still get the blue screen
January 14, 2009 6:00:59 PM

Most of the time damages require further repair. However, further repair is difficult without knowing what it was that infected your system. Did you get a report of what the scan found? Also, do you bluescreen immediately, after a few minutes of doing nothing, or when you get online via internet explorer?
January 14, 2009 6:26:30 PM

i get the blue screen after a while
im not sure if going online makes a difference since every time i log on, i go on the internet to try to fix this problem
January 14, 2009 6:28:56 PM

it's viruses like these
'TR/Crypt.XPACK.Gen' [trojan]
TR/FwBypass.A.14' [trojan]
January 14, 2009 6:30:10 PM

i'm not sure if these are it tho
seeing how i can't update my virus definition to the latest one
but these are the viruses that are detected
January 15, 2009 12:20:56 AM

First verify whether or not you bluescreen when not connected to the internet. If you dont bluescreen then Internet explorer is likely damaged.

1. If you dont bluescreen and you are running the free AVG, uninstall AVG and restart your computer. Then install NOD and connect to the internet only long enough to update the signatures. Disconnect from the internet and restart your computer and then run a full scan.

2. If you have paid for AVG and dont bluescreen, go online long enough to update your signatures, disconnect and restart your computer. Run a full scan, keep a copy of the scan log and contact their customer support for further help.


If you do bluescreen without being online and have a paid for version of AVG go ahead try to update your signatures and try a full scan. Even if the scan is unsuccessful, contact their customer service for further help.
If you've not paid for AVG and cant manage choice #1 things get complicated.
!