TechSpot - PC Technology News and Analysis

Lately my computer has been restarting for no reason and it has also been acting a little funny. I ran HJT and here is my log file. I was wondering if any of the processes running could be a problem. Any help would be great. If anyone needs more info just respond back. Thank you so much.


Logfile of HijackThis v1.99.1
Scan saved at 3:41:32 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kyle\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 152.163.178.184:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Omea - {35402C01-1777-4159-9ABA-3480BA70D90A} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: Clip and Edit - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1000
O8 - Extra context menu item: Clip and Save - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1001
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe to Feed - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1002
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra 'Tools' menuitem: Omea Add-on Options… - {35402C01-1777-4159-9ABA-3480BA70D901} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Subscribe to Feed - {35402C01-1777-4159-9ABA-3480BA70D903} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Clip and Edit - {35402C01-1777-4159-9ABA-3480BA70D905} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Clip and Save - {35402C01-1777-4159-9ABA-3480BA70D907} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
O9 - Extra button: Annotate - {35402C01-1777-4159-9ABA-3480BA70D909} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.0.69.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125111825569
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37380.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

no wonder! Party poker ad fileplanet are known trojans. I don't know what jet brains is.

Did you run your anti trojan horse program? Why didn't you report the results here?

Psrty Poker I got rid of. But jet brains and fileplanet are programs that I am using and deleting these will disable them. And where did you here that fileplanet is a trojan. It is one of the biggest game download sites. I guess if it really is then i will just stick with filecloud no prob. If anyone knows if jet brains leaves a trojan let me know because that is my rss reader client.
Thanks

fileplanet comes up as a trojan under spybot if I'm not mistaken.....

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

What is this, I do not recognize that at all.

Oh thats alcohol 120.

Edit: Sorry I guess I did not explain what it was though. It is a program for burning pretty much anything and making iso's.

Did you try running both Ad-aware and Spybot and cleaning all the things they listed?

Did you run an AV check of the whole PC?

These two things should solve the problem if it's some sort of malware or virus...

I really dont see anything bad in the log except the party poker, but you said you got rid of it, so other than these two things above, I can't think of anything else for now.

i do what Arcanum said also get reg supreme pro ( this is a full function reg cleaner ) install it then update the spy ware / adware in normal mode restart in safe mode log in as administrator then run the spy ware / adware programs and Avg . after that is finshed , i would manually go thru in ur program files and delete any thing u dont reconize look in common files ( C:\program Files\common files ) and unhide files and folders and look in C:\Documents and Settings\all acounts\Application Data ,C:\Documents and Settings\all accounts\Local Settings in each folder delete those files u are not fimilar with . then after u get done deleting temp files , cache etc. etc. i would run reg supreme pro for a final clean up with a aggressive setting .

Thank you all for the help. Just joined these forums and everyone is helpful.

Well, no need to thank, one of the main reasons we are here is to help each other in problems such as this.

So, have you been able to solve your problems with the suggestions above or are you just happy for us trying to help?

Well everything recommended did help, but I am still having one problem. When I watch the CPU Usage from Ctrl Alt Del, it keeps going from 0 to 2 to 13 and in between even though i am not running anything. I know that could be normal sometimes with all the things windows runs, but my problem is that when it shows the usage going up it shows that none of the processes running are using the CPU(they are all at zero).

This is the only wierd thing but other than that thanks for the help. And if you have any suggestions on this problem let me know. Thanks

your computer is ALWAYS running something - like background services that run under XP.

When nothing and I mean nothing is running in the background and tray, and only Windows kernel, services and GUI are running, you should be seeing between 0 and 3% max - but keep your mouse still.

If it's betweeon 0 and 3% while nothing is running and you dont have anything in tray, and you kept your mouse still, everything's ok, don't worry about it

Awesome. Haha I guess I just had not ever really paid attention to it when it was idol and now I am paying way too much attention lol. Thank you all for all of the help everything is working perfect.

idol? You worship it?

I think you mean idle !

Lol Tedster I think all of us know she meant idle not 'idol'

Anyway, I'm happy we could help you and I wish you all a happy new year!