Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

jc11gurl

44 Posts

9481

October 12th, 2004 19:00

Computer Crashed

My friend has had trouble with her HP computer for about a week now.  She had an older version of Norton on her computer, so she bought the new one, and installed it.  No viruses came up.  She ran Search and Destroy, as well as Ad-Aware.  Again, nothing.  Her boyfriend has looked at it, even the school tech. guy.  No one knows what's wrong with it.  The tech guy told her to get it fixed at Best Buy, but she doesn't have the money to get it fixed, so we're trying to figure it out ourselves and fix it.  Her problem is that she can't get online.  Her comptuer is configured corectly, and she hasn't manually changed anything, so doesn't understand what's going on.  I've been trying to boggle my brain, but can't figure anything out myself.
 
I know this is a Dell Forum, but you have all been so helpful to me and I thought by writing in, at the very least, you might be able to help me (and her) throw some possible ideas around as to what's wrong, or at least guide us in that direction (another site, etc.) 
 
I put her HijackThis log on a disk and here it is:
 
Logfile of HijackThis v1.98.2
Scan saved at 4:01:51 PM, on 10/12/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\S3tray2.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\other virus tools\stinger.exe
C:\Program Files\Messenger\msmsgs.exe
A:\HijackThis.exe
A:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", " http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\wxccbwyb.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\wxccbwyb.slt\prefs.js)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\internetfeatures.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [LimeShop] wjview /cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41441US
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\webhdll.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094916560546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak02.pictures.aol.com/ygp/aol/plugin/upf/YGPUPF.en-US.9.2.2.0.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
 
I don't know if because she's got an HP it'll make a difference.  Please help.  Thank you in advance.

volcano11

2 Intern

 • 

28K Posts

October 12th, 2004 19:00

Before anyone can help, you need to describe the symptoms of the problem.  You say the computer crashed, but what was running when it "crashed"?  What exactly do you mean by "crashed"? Did it give any error messages? Did it just stop running?  Did it reboot?  Note that the HijackThis experts do not reside on this forum and most have moved to other forums.  But before anyone deals with the HijackThis log, you really need to describe the problem the computer is having.

Steve

jc11gurl

44 Posts

October 12th, 2004 20:00

Her computer began not working on Monday of last week (10/4).  She went to an AIM icon site that she's been to many a time before.  She searched around on this site for about five minutes.  When she pressed on a link to go somewhere else on the site (not a banner link, etc), a blank white screen came up and the "End Now" box came up.  She clicked end now and tried to get back onto Internet Exploror.  When she did this, the pages came up blank again.  She unplugged her internet right away, thinking maybe she had a virus on there.  She ran her Norton Program (not updated at this time, she didn't know it was an old version).  Norton came up with no programs (probably had to do with the fact that it was out-of-date).  Then she ran Ad-Aware.  Several spyware programs were shown, she got rid of them all and ran the program again until nothing came up.  She tried plugging in her ethernet cord into another outlet, that did not work on her computer.  She plugged her ethernet cord into her roommates computer.  It worked on her computer.  Still not on my friend's.  She hasn't been able to get back online since last Monday.  Tech guy looked at it.  Coudln't figure it out (they aren't all that brilliant here, so I'm not surprised, he more of less just didn't have time to check it out).  Told her to bring it to Best Buy.  She can't afford to do so, so we're trying to figure it out ourselves. Also, she bought the newest version of Norton AnitVirus, installed it, ran it.  Nothing came up.  Virus hasn't done anything else to her computer (no popups, etc).  Can't figure out why this is happening.
 
If you can help I would appreciate it (and so would she) very much.  Thank you!

jc11gurl

44 Posts

October 12th, 2004 20:00

One addition comment-computer did restart several times on its own.  This was the first few times she had started running Ad-Aware.  It would get halfway through the scan and then it would shut off her computer and restart.

volcano11

2 Intern

 • 

28K Posts

October 12th, 2004 21:00

So from what you say, it appears that the problem is not a network problem, but rather a software problem with Internet Explorer, and with the exception of Intenet Explorer, the computer functions OK.  Is that correct?  To see if you can restore internet access through Internet Explorer, download and run winsock xp fix from the following site:

http://www.spychecker.com/program/winsockxpfix.html

Looking at the HijackThis log, there appears to be lots of non-essential things running on the computer and there are still traces of spyware that have not been removed.  It looks like LimeWire was once installed, and Limewire brings with it all kinds of garbage.  See if you can remove Limeshop and any other Limewire related programs from Control Panel > Add/Remove Programs.  Also see if you can remove WildTangent using the same method.  Then, try to eliminate all non-essential programs from from running at startup.  There are lots of HP and Logitech specific programs that may or may not be essential.  Go to the following site and see which programs can be disabled from startup in msconfig using the comphrehensive list of startup programs available at that site:

http://www.pacs-portal.co.uk/startup_index.htm

Once this has been done, then run Spybot and Ad-Aware again, making sure that you are using the latest spyware definitions that can be downloaded from within these programs. 

If that still doesn't solve the problem, create another (cleaner) HijackThis log and post it on one of the following sites where the HijackThis experts can offer further advice:

http://subratam.org/
http://www.zerosrealm.com/forums/
http://www.bleepingcomputer.com/


Steve

 

Was this post helpful?

View All

0 events found

No Events found!

Top