raposeiro Posted November 26, 2008

i don't know what the problem is. here's my hijackthis report. can you guys please help me out????

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:56 AM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTPIPSetup] "c:\35c564b6d3be6951c8bc97389afa\setupstb.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA204304-E041-46B1-9A6E-F41A29BE0BCE}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA204304-E041-46B1-9A6E-F41A29BE0BCE}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.180
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O20 - Winlogon Notify: fqpgdrur - fqpgdrur.dll (file missing)
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - (no file)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Print Spooler Service (foaezqaeddu) - Unknown owner - C:\WINDOWS\system32\trwqlhhz.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

--
End of file - 6870 bytes

Firon Posted November 26, 2008

Turn off automatic rebooting for BSODs. http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/russel_02may13.mspx

Then you can write down the crash. Make sure minidumps are enabled too.

It also looks like your system was (is?) infected with malware.

O20 - Winlogon Notify: fqpgdrur - fqpgdrur.dll (file missing)

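An added example, not part of the thread and not code from any poster: a small Python triage pass that pulls out HijackThis entries whose registration is still present but whose target is marked "(file missing)" or "(no file)", the kind of leftover entry quoted in the reply above. The sample lines are copied from the log in the first post; the function names and the choice of sections treated as autostart points are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - Winlogon Notify: fqpgdrur - fqpgdrur.dll (file missing)
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - (no file)
O23 - Service: Print Spooler Service (foaezqaeddu) - Unknown owner - C:\WINDOWS\system32\trwqlhhz.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # e.g. "O20 - ..."
ORPHAN_RE = re.compile(r"\s*\((file missing|no file)\)$")       # HijackThis markers

# Sections whose entries load code at boot, logon or shell start
# (the selection is an assumption of this example).
AUTOSTART = {"O4", "O20", "O22", "O23"}


def parse_entries(log_text):
    """Split a HijackThis log into (section, body) pairs, skipping other lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_entries(log_text, sections=None):
    """Entries that are still registered although their target file is gone."""
    hits = []
    for section, body in parse_entries(log_text):
        m = ORPHAN_RE.search(body)
        if m and (sections is None or section in sections):
            hits.append({"section": section,
                         "marker": m.group(1),
                         "entry": body[:m.start()].rstrip(" -")})
    return hits


def summarize(log_text):
    """Count orphaned entries per section, to see where the leftovers cluster."""
    return Counter(h["section"] for h in orphaned_entries(log_text))


if __name__ == "__main__":
    for hit in orphaned_entries(SAMPLE_LOG, AUTOSTART):
        print(f'{hit["section"]:>4}  {hit["marker"]:<12}  {hit["entry"]}')
```

An orphaned entry only shows that something registered itself there and the file has since been removed; it does not say by itself whether the remover was an uninstaller, an antivirus cleanup or the user.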
raposeiro Posted November 26, 2008

yeah i got everything off of my computer. bought a load of new software programs. but my utorrent still keeps crashing but i'll try what you said.

hey i did what you said and utorrent stayed open longer but then restarted. and also i wasn't getting blue screen before when i had the box checked but when i unchecked the box i got the blue screen. :( what could be the problem here???? i want utorrent to stay open lol...

<<<<----(((( UPDATE ))))---->>>>
--PROCESS EXPLORER--

GTHK Posted November 26, 2008

You were supposed to look at the blue screen of death (BSOD) message. Well, did it create a file for it in C:\WINDOWS\Minidump? If you have one, put it on mediafire.com (please stick it in a zip/7zip/rar archive first to save space and for ease of debugging).

Also, updating to SP3 wouldn't hurt :3

raposeiro Posted November 26, 2008

what's wrong with sp2??

GTHK Posted November 26, 2008

I didn't say anything was wrong with SP2

Find those crash dumps? Start > Run > %windir%\Minidump

raposeiro Posted November 26, 2008

latest one in the folder i opened from /run was wednesday jan 2 2008 - tuesday aug 19 2008 rest are 2007 months

and still waiting on utorrent to restart comp and bring up blue screen to write down info. i'll get back to this post soon

got what it said on the blue screen:

***STOP:0x0000007f (0x00000000, 0x00000000, 0x00000000, 0x00000000)

GTHK Posted November 26, 2008

No file name in the message? Can you go back to where you disabled auto-reboot and make sure small mini dump is selected, rather than minidumping being disabled? Did you disable the paging file or make it really small?

http://support.microsoft.com/kb/137539

raposeiro Posted November 26, 2008

small memory dump is on

http://www.mediafire.com/?sharekey=f13397d555909c51d2db6fb9a8902bda

link to jan 2 2008 file in my memory dump folder

GTHK Posted November 26, 2008

Did you read the MS article for a bit of info? Have you tampered with the paging file?

Crash dump you gave me says IPVNMon.sys did it, don't know what that file is for. Are you using an HP notebook?

raposeiro Posted November 26, 2008

lol can't seem to figure out how to do a system diagnostic

i gave u crash dump file from january 2 2008. don't got none up till aug 2008

i'm using a desktop

GTHK Posted November 26, 2008

You could try running MemTest86+ overnight.

This topic is now archived and is closed to further replies.