Options
Major problems Please HELP
I 'm having some problems with my pc 
, Please Help my pc is shutting down :shakehead . I ran Hijack this. Heres what i got.
Logfile of HijackThis v1.98.2
Scan saved at 08:19:14 م, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Ghanim Bilal\Mine dokumenter\Ny mappe\hijackthis\HijackThis.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSCC.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programfiler\NewDotNet\newdotnet3_88.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programfiler\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\no\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programfiler\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\no\msntb.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programfiler\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096993792421
O17 - HKLM\System\CCS\Services\Tcpip\..\{283DDF35-C54C-499A-A796-75CDDAC5821F}: NameServer = 130.67.15.198 130.67.60.68
THANK YOU
, Please Help my pc is shutting down :shakehead . I ran Hijack this. Heres what i got.Logfile of HijackThis v1.98.2
Scan saved at 08:19:14 م, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Ghanim Bilal\Mine dokumenter\Ny mappe\hijackthis\HijackThis.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSCC.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programfiler\NewDotNet\newdotnet3_88.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programfiler\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\no\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programfiler\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\no\msntb.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programfiler\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096993792421
O17 - HKLM\System\CCS\Services\Tcpip\..\{283DDF35-C54C-499A-A796-75CDDAC5821F}: NameServer = 130.67.15.198 130.67.60.68
THANK YOU
0
Comments
Thank you 4 your reply
I dont know if i have Hardware problem,but my system is shutting down !
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programfiler\QuickSearch\QuickSearchBar1_27.dll O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
Fix those entries then find and delete the following folders:
C:\Programfiler\NewDotNet\
C:\Programfiler\QuickSearch\
Then reboot and post a new log.
I fix your marks , and this is the new log:
Logfile of HijackThis v1.98.2
Scan saved at 01:27:39 م, on 13/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSCC.EXE
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Ghanim Bilal\Mine dokumenter\Ny mappe\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\no\msntb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programfiler\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.3000.1001\no\msntb.dll
O3 - Toolbar: Adorons Easy Security - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - C:\Programfiler\Enigma Software Group\Adorons Easy Security\ETB.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SpyHunter] C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: www.kycgroup.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096993792421
Thank you
Regards
NAQSH
O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
Also fix those entries and find and delete "Advanced System Optimizer", then reboot and post a new log.
Still having shutting down problem ,, and every time the pc restart i find this line added in Registry RUN :%systemroot%\system32\dumprep 0 -k
New log:
Logfile of HijackThis v1.98.2
Scan saved at 01:25:01 ص, on 14/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\RVS\WCOM\SYSTEM\RVSCC.EXE
C:\Documents and Settings\Ghanim Bilal\Mine dokumenter\Ny mappe\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: www.4naqsh.com
O15 - Trusted Zone: www.altavista.com
O15 - Trusted Zone: www.angelfire.com
O15 - Trusted Zone: http://home.comcast.net
O15 - Trusted Zone: www.kycgroup.com
O15 - Trusted Zone: www.tawhidline.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096993792421
Regards
but it was a serious question tough...
No message
it say anything and just goes BOOM!
regards