Laptop Keeps Shutting Down - HijackThis Log Included

Discussion in 'Windows - Virus and spyware problems' started by zippy1982, Oct 27, 2006.

  1. zippy1982

    zippy1982 Member

    Joined: Mar 26, 2006
    Messages: 22
    Likes Received: 0
    Trophy Points: 11

    Hi guys,

    My laptop keeps automatically turning off after about 2-3 minutes of being on. This is since downloading a virus. I've run Spybot as well as Adaware, but it still happens.

    The only way I was able to get a HijackThis log was by doing everything through Safe Mode which seemed to work.

    Below is the log and it would be greatly appreciated if someone could help me make my fairly new laptop like new again! :eek:)

    Many thanks in advance,
    Zippy


    Logfile of HijackThis v1.99.1
    Scan saved at 22:59:31, on 27/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msn.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Michael\My Documents\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Michael\1.exe
    O4 - HKLM\..\Run: [SvcManager] windowsq1.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Documents and Settings\Michael\My Documents\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\RunServices: [Windows ACPI Verifier] dhcpserv.exe
    O4 - HKLM\..\RunServices: [_mzu_stonedrv2] c:\windows\system32\_mzu_stonedrv2.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-gb\msntabres.dll/229?455e2b92a0574c19b31ff436632aaa53
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\en-gb\msntabres.dll/230?455e2b92a0574c19b31ff436632aaa53
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xartcd5 - xartcd5.dll (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Documents and Settings\Michael\My Documents\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Documents and Settings\Michael\My Documents\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. kateman

    kateman Regular member

    Joined: Jul 22, 2006
    Messages: 574
    Likes Received: 0
    Trophy Points: 26

    You should delete the following off your computer.

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe

    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN

    O20 - Winlogon Notify: xartcd5 - xartcd5.dll (file missing)

    I doubt that (seeing that the laptop is new) its hardware is bad/faulty. If you know roughly when you got this problem in relation to when you downloaded something, maybe you should make a back-up and delete everything you have downloaded the day before it happened and after.
     
  3. zippy1982

    zippy1982 Member

    Thanks Kateman!

    Where can I find these files to delete?

    Zippy
    xxx
     
  4. kateman

    kateman Regular member

    Go down to your tool bar, right click on it, then click explore.

    From there click on your C: (local drive). Then decide what file you want to delete, then follow the folders it says and delete only the selected file. I will go through one with you.

    C:\Program Files\winupdates\winupdates.exe

    So I have chosen the file (above).

    Open "C:" - then open "program files" - then open "winupdates" - then find the file "winupdates.exe" and delete it.

    Make sure you ONLY delete the things that HijackThis says!
     
  5. kateman

    kateman Regular member

    Argh, I mean you should just do another scan using HijackThis and find the files that I said and click on the box, then click the box "fix checked". It will delete them for you. Sorry, I forgot :p
     
