Computer Crashed

Question

My friend has had trouble with her HP computer for about a week now.  She had an older version of Norton on her computer, so she bought the new one, and installed it.  No viruses came up.  She ran Search and Destroy, as well as Ad-Aware.  Again, nothing.  Her boyfriend has looked at it, even the school tech. guy.  No one knows what's wrong with it.  The tech guy told her to get it fixed at Best Buy, but she doesn't have the money to get it fixed, so we're trying to figure it out ourselves and fix it.  Her problem is that she can't get online.  Her comptuer is configured corectly, and she hasn't manually changed anything, so doesn't understand what's going on.  I've been trying to boggle my brain, but can't figure anything out myself.   I know this is a Dell Forum, but you have all been so helpful to me and I thought by writing in, at the very least, you might be able to help me (and her) throw some possible ideas around as to what's wrong, or at least guide us in that direction (another site, etc.)    I put her HijackThis log on a disk and here it is:   Logfile of HijackThis v1.98.2 Scan saved at 4:01:51 PM, on 10/12/2004 Platform: Windows XP  (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Norton AntiVirus
avapsvc.exe C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\WINDOWS\System32\S3tray2.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\RUNDLL32.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\LTMSG.exe C:\Program Files\Microsoft IntelliType Pro	ype32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\AWS\WEATHE~1\Weather.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Program Files\Logitech\ImageStudio\LowLight.exe C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Documents and Settings\Owner\Desktop\other virus tools\stinger.exe C:\Program Files\Messenger\msmsgs.exe A:\HijackThis.exe A:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - Default URLSearchHook is missing N3 - Netscape 7: user_pref('browser.startup.homepage', ' http://home.netscape.com/bookmark/7_1/home.html'); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\wxccbwyb.slt\prefs.js) N3 - Netscape 7: user_pref('browser.search.defaultengine', 'engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src'); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\wxccbwyb.slt\prefs.js) O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32
vms.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file) O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [StorageGuard] 'C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe' /r O4 - HKLM\..\Run: [TkBellExe] 'C:\Program Files\Common Files\Real\Update_OBealsched.exe' -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\internetfeatures.exe O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe O4 - HKLM\..\Run: [LimeShop] wjview /cp 'C:\Program Files\LimeShop\System\Code' Main lp: 'C:\Program Files\LimeShop' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe 'C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll',cdaEngineMain O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [type32] 'C:\Program Files\Microsoft IntelliType Pro	ype32.exe' O4 - HKLM\..\Run: [IntelliPoint] 'C:\Program Files\Microsoft IntelliPoint\point32.exe' O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41441US O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU) O10 - Broken Internet access because of LSP provider 'c:\windows\webhdll.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab? O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094916560546 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak02.pictures.aol.com/ygp/aol/plugin/upf/YGPUPF.en-US.9.2.2.0.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab   I don't know if because she's got an HP it'll make a difference.  Please help.  Thank you in advance.

volcano11 · Answer

Before anyone can help, you need to describe the symptoms of the problem. You say the computer crashed, but what was running when it "crashed"? What exactly do you mean by "crashed"? Did it give any error messages? Did it just stop running? Did it reboot? Note that the HijackThis experts do not reside on this forum and most have moved to other forums. But before anyone deals with the HijackThis log, you really need to describe the problem the computer is having.

Steve

jc11gurl · Answer

Her computer began not working on Monday of last week (10/4).  She went to an AIM icon site that she's been to many a time before.  She searched around on this site for about five minutes.  When she pressed on a link to go somewhere else on the site (not a banner link, etc), a blank white screen came up and the 'End Now' box came up.  She clicked end now and tried to get back onto Internet Exploror.  When she did this, the pages came up blank again.  She unplugged her internet right away, thinking maybe she had a virus on there.  She ran her Norton Program (not updated at this time, she didn't know it was an old version).  Norton came up with no programs (probably had to do with the fact that it was out-of-date).  Then she ran Ad-Aware.  Several spyware programs were shown, she got rid of them all and ran the program again until nothing came up.  She tried plugging in her ethernet cord into another outlet, that did not work on her computer.  She plugged her ethernet cord into her roommates computer.  It worked on her computer.  Still not on my friend's.  She hasn't been able to get back online since last Monday.  Tech guy looked at it.  Coudln't figure it out (they aren't all that brilliant here, so I'm not surprised, he more of less just didn't have time to check it out).  Told her to bring it to Best Buy.  She can't afford to do so, so we're trying to figure it out ourselves. Also, she bought the newest version of Norton AnitVirus, installed it, ran it.  Nothing came up.  Virus hasn't done anything else to her computer (no popups, etc).  Can't figure out why this is happening.   If you can help I would appreciate it (and so would she) very much.  Thank you!

jc11gurl · Answer

One addition comment-computer did restart several times on its own.  This was the first few times she had started running Ad-Aware.  It would get halfway through the scan and then it would shut off her computer and restart.

volcano11 · Answer

So from what you say, it appears that the problem is not a network problem, but rather a software problem with Internet Explorer, and with the exception of Intenet Explorer, the computer functions OK. Is that correct? To see if you can restore internet access through Internet Explorer, download and run winsock xp fix from the following site:

http://www.spychecker.com/program/winsockxpfix.html

Looking at the HijackThis log, there appears to be lots of non-essential things running on the computer and there are still traces of spyware that have not been removed. It looks like LimeWire was once installed, and Limewire brings with it all kinds of garbage. See if you can remove Limeshop and any other Limewire related programs from Control Panel > Add/Remove Programs. Also see if you can remove WildTangent using the same method. Then, try to eliminate all non-essential programs from from running at startup. There are lots of HP and Logitech specific programs that may or may not be essential. Go to the following site and see which programs can be disabled from startup in msconfig using the comphrehensive list of startup programs available at that site:

http://www.pacs-portal.co.uk/startup_index.htm

Once this has been done, then run Spybot and Ad-Aware again, making sure that you are using the latest spyware definitions that can be downloaded from within these programs.

If that still doesn't solve the problem, create another (cleaner) HijackThis log and post it on one of the following sites where the HijackThis experts can offer further advice:

http://subratam.org/
http://www.zerosrealm.com/forums/
http://www.bleepingcomputer.com/

Steve

Networking, Internet, & Bluetooth

Was this post helpful?