Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 4th, 2008, 3:02pm
   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Scanner (Moderators: Helena, Gavin_Coe, Magnus)
   TH causes my machine to reboot		 « Previous topic | Next topic »
Pages: 1 2  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: TH causes my machine to reboot  (Read 656 times)
gooner
Newbie
*





   


Gender: male
 Posts: 9
TH causes my machine to reboot
« on: Dec 5th, 2007, 9:49am »		 Quote Quote  Modify Modify
Hi, I am new to the forum & have just downloaded TH 5 trial version. After a few seconds from starting a scan, my PC reboots itself. Any ideas what I have done wrong?
 
regards
 
Gooner
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #1 on: Dec 5th, 2007, 9:56am »		 Quote Quote  Modify Modify
Welcome to the forum gooner  Cheesy
 
Would you please boot into SAFE MODE and see if you can do a full system scan with TrojanHunter.  
 
Also, what version of Windows are you running and what other security programs do you have on your computer?
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
gooner
Newbie
*





   


Gender: male
 Posts: 9
Re: TH causes my machine to reboot
« Reply #2 on: Dec 5th, 2007, 11:26am »		 Quote Quote  Modify Modify
Hi, thanks for the welcome,
 
I ran SAFE mode and the scan worked ok.
 
My system is Win 2000 professional. I run AVG, Super anti spyware, zone alarm, spyware guard, popup blocker. I can provide a HJT if required
regards
 
Gooner
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #3 on: Dec 5th, 2007, 11:30am »		 Quote Quote  Modify Modify
Please provide the HJT log.  I can see nothing thus far that should be causing such a reboot problem.  
 
I assume that TH found nothing when you scanned in SAFE MODE, eh?  
 
Also, does your TH show to be V5.0.962?
« Last Edit: Dec 5th, 2007, 11:30am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
gooner
Newbie
*





   


Gender: male
 Posts: 9
Re: TH causes my machine to reboot
« Reply #4 on: Dec 5th, 2007, 11:32am »		 Quote Quote  Modify Modify
Hi,
Correct - Th found nothing during scan in SAFE mode. Here is HJT:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:42, on 05/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
 
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Common Files\AOL\1133032638\ee\AOLSoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
C:\Program Files\KlipFolio\KlipFolio.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\HPZipm12.exe
C:\program files\common files\aol\1133032638\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1133032638\ee\aolsoftware.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.aol.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133032638\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOT
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-GB\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h20264.www2.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: ZipToA - Unknown owner - C:\WINNT\System32\ZipToA.exe
 
--
End of file - 10913 bytes
IP Logged
gooner
Newbie
*





   


Gender: male
 Posts: 9
Re: TH causes my machine to reboot
« Reply #5 on: Dec 5th, 2007, 11:33am »		 Quote Quote  Modify Modify
I have version 5, build 950, and it was downloaded yesterday
 
Gooner
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #6 on: Dec 5th, 2007, 11:44am »		 Quote Quote  Modify Modify
Quote:
I have version 5, build 950, and it was downloaded yesterday

 
Try to run LiveUpdate once from the TrojanHunter GUI.  If LiveUpdate works, it should download a newer version of TH along with the latest rulesets.
 
If that does not work, install TH again.  When TrojanHunter GUI opens, it should ask you if you want to download the latest rules.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
gooner
Newbie
*





   


Gender: male
 Posts: 9
Re: TH causes my machine to reboot
« Reply #7 on: Dec 5th, 2007, 11:47am »		 Quote Quote  Modify Modify
OK - I just tried, but it says 'cannot download for a eval copy' so I will install again and let you know  
 
thanx for your help so far
 
Gooner
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #8 on: Dec 5th, 2007, 11:51am »		 Quote Quote  Modify Modify
Also, I see nothing in your HJT log that is "infectious" or out-of-norm.  
 
Please try temporarily de-activating your other security programs (except your software firewall) and see if TH will scan without a spurious reboot.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
gooner
Newbie
*





   


Gender: male
 Posts: 9
Re: TH causes my machine to reboot
« Reply #9 on: Dec 5th, 2007, 1:46pm »		 Quote Quote  Modify Modify
Hi - I de installed THG using Windows Control Panel, rebooted PC, I then went onto www.misec.net site and downloaded trial download, then ran deep scan, which ran for a few seconds (it seemed to get to 'autostart files') then it rebooted. BTW the new download is still version 5 build 950. Sad
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #10 on: Dec 5th, 2007, 1:53pm »		 Quote Quote  Modify Modify
I sent you a private message.  Please read.   Wink
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #11 on: Dec 6th, 2007, 2:17am »		 Quote Quote  Modify Modify
Gooner,
 
To continue to try to isolate why this problem is occurring, let's change the way your system responds to a fatal error.  Instead of rebooting automatically, let's make it give you a blue screen.  This will provide the info as to what is faulting.
 
Please go to the link below as to how to change this option in your system.  It's easy to do.
 
http://home.earthlink.net/~lreynol929/ruXP/ContPanl/rebootof.htm
 
Once you turn off this option, reboot your computer to make sure the option change is invoked.  Then do a TH scan.  When the blue screen appears, take note of the faulting element.  Then manually reboot your computer.  
 
Please post back here the info from the blue screen.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
gooner
Newbie
*





   


Gender: male
 Posts: 9
Re: TH causes my machine to reboot
« Reply #12 on: Dec 6th, 2007, 6:57am »		 Quote Quote  Modify Modify
Hi
 
STOP 0x000000IE (0xC0000005 0xBC86F703 0x00000000 0x00000000)
 
Address BC86F703 base at BC86E000 date stamp 409f405c windrvNT.sys
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #13 on: Dec 6th, 2007, 7:18am »		 Quote Quote  Modify Modify
Do you have Folder Lock from NewSoftwares.net Inc on your system...or ever had?
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5462
Re: TH causes my machine to reboot
« Reply #14 on: Dec 6th, 2007, 7:21am »		 Quote Quote  Modify Modify
Also, here is a post that is exactly what is happening on your system.
 
http://forum.tweakxp.com/forum/shwmessage.aspx?ForumID=1&MessageID=1 53778&TopicPage=1
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1 2  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register