TechSpot

Computer restarting for no reason and acting funny.

By KDaughtry
Dec 28, 2005
Topic Status:
Not open for further replies.
  1. Lately my computer has been restarting for no reason and it has also been acting a little funny. I ran HJT and here is my log file. I was wondering if any of the processes running could be a problem. Any help would be great. If anyone needs more info just respond back. Thank you so much.


    Logfile of HijackThis v1.99.1
    Scan saved at 3:41:32 PM, on 12/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Kyle\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 152.163.178.184:80
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Omea - {35402C01-1777-4159-9ABA-3480BA70D90A} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O8 - Extra context menu item: Clip and Edit - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1000
    O8 - Extra context menu item: Clip and Save - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1001
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Subscribe to Feed - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1002
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Omea Add-on Options… - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
    O9 - Extra button: Subscribe to Feed - {35402C01-1777-4159-9ABA-3480BA70D903} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
    O9 - Extra button: Clip and Edit - {35402C01-1777-4159-9ABA-3480BA70D905} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
    O9 - Extra button: Clip and Save - {35402C01-1777-4159-9ABA-3480BA70D907} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
    O9 - Extra button: Annotate - {35402C01-1777-4159-9ABA-3480BA70D909} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125111825569
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  2. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    No wonder! Party poker and fileplanet are known trojans. I don't know what jet brains is.

    Did you run your anti trojan horse program? Why didn't you report the results here?
  3. KDaughtry

    KDaughtry TS Rookie Topic Starter

    Party Poker I got rid of. But jet brains and fileplanet are programs that I am using and deleting these will disable them. And where did you hear that fileplanet is a trojan? It is one of the biggest game download sites. I guess if it really is then I will just stick with filecloud no prob. If anyone knows if jet brains leaves a trojan let me know because that is my rss reader client.
    Thanks
  4. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    fileplanet comes up as a trojan under spybot if I'm not mistaken.....
  5. beerabuser30

    beerabuser30 TS Enthusiast Posts: 294

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    What is this, I do not recognize that at all.
  6. KDaughtry

    KDaughtry TS Rookie Topic Starter

    Oh that's Alcohol 120.

    Edit: Sorry I guess I did not explain what it was though. It is a program for burning pretty much anything and making ISOs.
  7. Arcanum

    Arcanum TS Rookie Posts: 202

    Did you try running both Ad-aware and Spybot and cleaning all the things they listed?

    Did you run an AV check of the whole PC?

    These two things should solve the problem if it's some sort of malware or virus...

    I really don't see anything bad in the log except the party poker, but you said you got rid of it, so other than these two things above, I can't think of anything else for now. :(
  8. DragonFury

    DragonFury TS Rookie Posts: 88

    I'd do what Arcanum said. Also get reg supreme pro (this is a full-function reg cleaner). Install it, then update the spyware/adware programs in normal mode, restart in safe mode, log in as administrator, then run the spyware/adware programs and AVG. After that is finished, I would manually go through your program files and delete anything you don't recognize. Look in common files (C:\program Files\common files), unhide files and folders, and look in C:\Documents and Settings\all accounts\Application Data and C:\Documents and Settings\all accounts\Local Settings; in each folder delete those files you are not familiar with. Then, after you get done deleting temp files, cache etc., I would run reg supreme pro for a final cleanup with an aggressive setting.
  9. KDaughtry

    KDaughtry TS Rookie Topic Starter

    Thank you all for the help. Just joined these forums and everyone is helpful.
  10. Arcanum

    Arcanum TS Rookie Posts: 202

    Well, no need to thank, one of the main reasons we are here is to help each other in problems such as this.

    So, have you been able to solve your problems with the suggestions above or are you just happy for us trying to help? :)
  11. KDaughtry

    KDaughtry TS Rookie Topic Starter

    Well everything recommended did help, but I am still having one problem. When I watch the CPU Usage from Ctrl Alt Del, it keeps going from 0 to 2 to 13 and in between even though I am not running anything. I know that could be normal sometimes with all the things Windows runs, but my problem is that when it shows the usage going up it shows that none of the processes running are using the CPU (they are all at zero).

    This is the only weird thing but other than that thanks for the help. And if you have any suggestions on this problem let me know. Thanks
     
  12. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    your computer is ALWAYS running something - like background services that run under XP.
  13. Arcanum

    Arcanum TS Rookie Posts: 202

    When nothing and I mean nothing is running in the background and tray, and only Windows kernel, services and GUI are running, you should be seeing between 0 and 3% max - but keep your mouse still.

    If it's between 0 and 3% while nothing is running and you don't have anything in tray, and you kept your mouse still, everything's ok, don't worry about it :)
  14. KDaughtry

    KDaughtry TS Rookie Topic Starter

    Awesome. Haha I guess I just had not ever really paid attention to it when it was idol and now I am paying way too much attention lol. Thank you all for all of the help everything is working perfect. :)
  15. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    idol? You worship it?

    I think you mean idle !
  16. Arcanum

    Arcanum TS Rookie Posts: 202

    Lol Tedster I think all of us know she meant idle not 'idol' :)

    Anyway, I'm happy we could help you and I wish you all a happy new year!
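
Added example, not part of the original thread: a small Python triage pass over HijackThis entry lines like those in the log posted at the top. The sample lines are copied from that log; the three flagging rules (a "(file missing)" target, an "Unknown owner" service, a configured ProxyServer) and the function names are assumptions chosen for illustration, not HijackThis's own verdicts.

```python
import re
from urllib.parse import urlparse

# Sample input: eight entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 152.163.178.184:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Entry lines start with a section code such as R1, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

def parse_entries(text):
    """Return (code, body) for each entry line; process paths are skipped."""
    matches = (ENTRY_RE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def triage(entries):
    """Return (code, body, reason) for entries that merit a manual look.
    The rules are illustrative assumptions, not a malware verdict."""
    findings = []
    for code, body in entries:
        if code.startswith("R") and "ProxyServer" in body:
            findings.append((code, body, "proxy server configured"))
        if body.endswith("(file missing)"):
            findings.append((code, body, "target file missing"))
        if code == "O23" and "Unknown owner" in body:
            findings.append((code, body, "service with unknown owner"))
    return findings

def dpf_hosts(entries):
    """Hosts that O16 (Downloaded Program Files / ActiveX) entries came from."""
    hosts = set()
    for code, body in entries:
        m = re.search(r"https?://\S+", body) if code == "O16" else None
        if m:
            hosts.add(urlparse(m.group(0)).hostname)
    return sorted(hosts)

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, body, reason in triage(parsed):
        print(f"[{code}] {reason}: {body}")
    print("ActiveX download hosts:", ", ".join(dpf_hosts(parsed)))
```

A flagged entry is a prompt to check the file, service or setting by hand; an entry that is not flagged has not been cleared.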