View previous topic :: View next topic |
Author |
Message |
taz71498
1st Responder
Premium Member
Joined: Jan 30, 2004
Posts: 1445
Location: USA
|
Posted: Mon Mar 29, 2004 11:12 am Post subject: Hijack This stops responding |
|
|
I have been trying to run Hijack This on one of my computers. It starts the scan and then stops responding. Anyone have this problem? Any suggestions. I had run Hijack This on this computer before, so it worked at one time. |
|
Back to top |
|
|
irelynnmisses
1st Responder
Joined: Jan 27, 2004
Posts: 1110
Location: USA
|
Posted: Wed Mar 31, 2004 11:18 am Post subject: |
|
|
re-download hijackthis and see if that helps:
www.zerosrealm.com/downloads/hjt.zip
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet. |
|
Back to top |
|
|
taz71498
1st Responder
Premium Member
Joined: Jan 30, 2004
Posts: 1445
Location: USA
|
Posted: Wed Mar 31, 2004 4:38 pm Post subject: |
|
|
Hi irelynnmisses,
Well, thanks for trying to help. It must be my computer that I am using. I have tried everything. I have downloaded and redownloaded. I even tried it in safe mode. Ran online virus scan, nothing. This computer I am using is old. I want to use it for helping with Hijack this logs and download all the tools on here, but I think I might just reformat the hard drive and start with a clean computer. The computer is hanging for some reason. Maybe I need to grab one of my other old computers and try. I am not really good with hardware issues but maybe that could be the cause. Who knows.
_________________
Some days you're the dog, and some days you're the hydrant. |
|
Back to top |
|
|
irelynnmisses
1st Responder
Joined: Jan 27, 2004
Posts: 1110
Location: USA
|
Posted: Wed Mar 31, 2004 8:14 pm Post subject: |
|
|
Sorry to hear that,, maybe one of our super expert will come to your rescue
I hope you fix it though so we can see ya here!
_________________
Forum Moderator at:
http://killspyware.go.dyndns.org/
Helper At:
http://www.spywareinfo.com/
1st Rwsponder At:
http://www.computercops.biz/ |
|
Back to top |
|
|
taz71498
1st Responder
Premium Member
Joined: Jan 30, 2004
Posts: 1445
Location: USA
|
Posted: Wed Mar 31, 2004 8:20 pm Post subject: |
|
|
Thanks. I am here helping, I have 3 computers, I just wanted to dedicate one though for this. No biggy, I can just reformat it and see if I can get it going.
_________________
Some days you're the dog, and some days you're the hydrant. |
|
Back to top |
|
|
irelynnmisses
1st Responder
Joined: Jan 27, 2004
Posts: 1110
Location: USA
|
Posted: Thu Apr 01, 2004 12:50 am Post subject: |
|
|
hee hee... good luck
_________________
Forum Moderator at:
http://killspyware.go.dyndns.org/
Helper At:
http://www.spywareinfo.com/
1st Rwsponder At:
http://www.computercops.biz/ |
|
Back to top |
|
|
SHERI
Trooper
Joined: Apr 23, 2004
Posts: 10
Location: USA
|
Posted: Fri Apr 23, 2004 7:09 pm Post subject: hijackthis log PLEASE HELP!!! |
|
|
Hi, Could one of the experts please view my hijackthis log and let me know why I am getting popups,my computer is running slow and I am having a hard time connection to internet. I have run cwshredder, ad-aware, spybot and spywareblaster. I have run a security check on the symantec website and it said at one time that I had trojan.byteverify but after I ran some of the programs I mentioned, it comes up clean now according to symantec but I am still getting the popups and other problems I mentioned. PLEASE PLEASE PLEASE HELP!!!! Thanks Sheri
Logfile of HijackThis v1.97.7
Scan saved at 2:40:01 AM, on 4/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\fxredir.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\SHERI\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebay.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ebay.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\madise.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/...1/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/...acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar...vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...0167708333
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP...-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se...loader.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F716D0BC-CCA0-4140-B28C-EBE5A323C528}: NameServer = 208.24.218.3 |
|
Back to top |
|
|
taz71498
1st Responder
Premium Member
Joined: Jan 30, 2004
Posts: 1445
Location: USA
|
Posted: Fri Apr 23, 2004 7:18 pm Post subject: |
|
|
Hey Sheri,
I know you didn't mean to use the caps.
I will help you.
I may have given you the wrong link by mistake. I will quick check though. |
|
Back to top |
|
|
taz71498
1st Responder
Premium Member
Joined: Jan 30, 2004
Posts: 1445
Location: USA
|
Posted: Fri Apr 23, 2004 7:25 pm Post subject: |
|
|
Sheri,
Your Hijackthis is still running in a temporary folder. You need to move it to, how about, My Documents. Run the program from there. The reason for this is that Hijackthis cannot create backup files while it is being run from a temporary folder.
When you do get the log please post it here:
http://www.computercops.biz/forum67.html Just before the messages start there is a button that says NEW TOPIC. Click on that and post your log there. |
|
Back to top |
|
|
SHERI
Trooper
Joined: Apr 23, 2004
Posts: 10
Location: USA
|
Posted: Fri Apr 23, 2004 7:27 pm Post subject: Hijackthis log |
|
|
Thanks. Any help will be greatly appreciated. I don't know that much about computers. Sheri |
|
Back to top |
|
|
IcSilk
Cadet
Joined: Apr 23, 2004
Posts: 1
Location: USA
|
Posted: Fri Apr 23, 2004 9:00 pm Post subject: Registry |
|
|
I had the same problem when I first got HijackThis. The problem with mine was that my registry was a mess w/alot of corrupt files - turns out that somehow, in the HKEY_LOCAL_MACHINE folder a file generated that disabled programs like hijackthis and ad-aware etc. I don't have the name of it anymore but it was in the form of .dll. I simply used a registry scanning application that professed to be top line at registry maintenance and cleaning and had a freeware trial version. It was 'CleanMyPC - Registry Cleaner 2.16'. If you Google for it you'll have more options to choose from as to what to use. But it solved everything and I have had no trouble with HijackThis since.
Good luck - hope it all works out for you. |
|
Back to top |
|
|
irelynnmisses
1st Responder
Joined: Jan 27, 2004
Posts: 1110
Location: USA
|
Posted: Sun Apr 25, 2004 3:04 am Post subject: |
|
|
She isn't ahving registry problems.. she is having several viruses and trojans problem. Please disregard the above advice and stick with what TAZ has told ya to do
_________________
Forum Moderator at:
http://killspyware.go.dyndns.org/
Helper At:
http://www.spywareinfo.com/
1st Rwsponder At:
http://www.computercops.biz/ |
|
Back to top |
|
|
|