hijackthis log with pc restarting

Discussion in 'adware, spyware & hijack cleaning' started by taldy, May 6, 2004.

Thread Status:
Not open for further replies.
  1. taldy

    taldy Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    9
    would be so grateful for advice/help regarding PC restarting every time norton antivirus runs scan. Once machine restarted, get windows message "The system has recovered from a serious error". Computer only restarts when running scan. The hijackthis log lists the following:

    Logfile of HijackThis v1.97.7
    Scan saved at 20:28:15, on 06/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\BT Digital Access USB\vstartx.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\BT Digital Access USB\gisdnlog.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\System32\dwwin.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\STEPHANIE HOWELLS\My Documents\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silicon.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.silicon.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.108-big.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.108-big.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.108-big.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.108-big.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.108-big.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.108-big.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar_en_2.0.108-big.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37851.2234837963
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{432E4DDE-624D-47CA-8544-02CE2EC1296B}: NameServer = 195.92.195.95 195.92.195.94
    O17 - HKLM\System\CS1\Services\Tcpip\..\{432E4DDE-624D-47CA-8544-02CE2EC1296B}: NameServer = 195.92.195.95 195.92.195.94

    Would be very grateful for your comments. Not a wonderful techie here I'm afraid.
     
  2. taldy

    taldy Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    9
    please please help if anyone can understand my ramblings........
     
  3. Nick

    Nick Registered Member

    Joined:
    May 14, 2002
    Posts:
    187
    Location:
    California
    Hi taldy,

    I'm not an expert regarding Norton, but I don't think there is anything in the log that is causing the problems you describe. These two items shouldn't be affecting Norton.

    Please check the following and close all windows except hijackthis and click "Fix Checked"

    R3 - Default URLSearchHook is missing

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB


    Perhaps if you post the description of your problems in the Antivirus forum here, someone there may be able to help you better.
     
  4. taldy

    taldy Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    9
    thanks lots for looking at the log, I'll take your advice, and if the problem reoccurs I'll go to the antivirus forum.

    Cheers
     
Thread Status:
Not open for further replies.