pc locks up/resets hijacked not sure what to do



#1
Razors (Member)
i'm having lots of trouble with my pc. i'm sure it got hijacked, and i started looking for answers to fix the problem. i downloaded the recommended spyware removal programs and virus programs from this site, but my pc crashes when i'm scanning, and even at idle it crashes. i think i've gotten most of the stuff off by now, but the issue persists and makes it hard to scan when the scanners take hours to do their thing. i did /run eventvwr.msc /s and found in the error report there's a file in the registry called AutoShareWks that it says has an incorrect value. i have no idea how to fix this or what to enter. could anyone help me? scanners are really out of the question, if i could repair the value myself so the pc stops freezing and resetting that would be a big help to my problem. thanks
  • 0



#2
Razors (Member, Topic Starter)
it's very hard to type, also i have been using hijack this, ad aware SE, trojan hunter, spybot and AVG Free.


also - this is my last hijacker log


Logfile of HijackThis v1.99.1
Scan saved at 3:52:19 PM, on 10/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\[bleep]\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myweb.cab...onal/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cableone.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: BitmapEx - {F756A28D-DCD5-46be-BCAB-17C088D07227} - C:\Program Files\BitmapEx\BITMAPEX.EXE
O9 - Extra 'Tools' menuitem: &BitmapEx - {F756A28D-DCD5-46be-BCAB-17C088D07227} - C:\Program Files\BitmapEx\BITMAPEX.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.cableone.net
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#3
wannabe1 (Tech Staff)
Razors...Welcome to G2G!

Click Start then Run and type regedit...click "Ok". Expand (click the +) HKEY_LOCAL_MACHINE...then expand System...then expand CurrentControlSet...then expand Services...then expand LanmanServer...and click on Parameters. In the right pane, select "AutoShareServer". What is its REG_DWORD value? Then select "AutoShareWks". What is its REG_DWORD value?

Post back with the REG_DWORD values and we'll proceed from there.

wannabe1
  • 0

#4
Razors (Member, Topic Starter)
ok, i got it open but.. i don't see an AutoShareServer in HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/LanmanServer/Parameters but i did find AutoShareWks

AutoShareWks REG_SZ 3D0

and its value data: 3D0

0000 33 00 44 00 30 00 00 00 3 . D . 0 . . .
0008

i double checked to make sure i was in the right folder, but it has no AutoShareServer :tazz:
  • 0

#5
Razors (Member, Topic Starter)
:tazz: Dword value for AutoShareWks:

00000000 00440033 00000030

(forgot to post that the first time)
  • 0

#6
wannabe1 (Tech Staff)
Razors...

Navigate to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/LanmanServer/Parameters, click on "AutoShareWks" and right click on REG_DWORD, choose "Modify". In the data value box (make note of the current value), type 0 and press "Ok". Reboot.

Let me know how it goes...

wannabe1

Edited by wannabe1, 02 October 2005 - 05:03 PM.

  • 0
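The bytes Razors posted in #4 and #5, decoded and checked, as an added example that is not part of the original thread. The function names are hypothetical, and the rule that AutoShareWks is only valid as a REG_DWORD holding 0 or 1 is the assumption the check encodes.

```python
import struct

# Row copied from the regedit binary view in post #4 (offset, data, ASCII column).
DUMP_ROW = "0000 33 00 44 00 30 00 00 00 3 . D . 0 . . ."

def parse_dump_row(row, width=8):
    """Return the data bytes of one dump row: an offset, then `width` hex pairs."""
    fields = row.split()
    return bytes(int(pair, 16) for pair in fields[1:1 + width])

def as_reg_sz(data):
    """REG_SZ data is UTF-16LE text ending in a NUL character."""
    return data.decode("utf-16-le").split("\x00", 1)[0]

def as_dwords(data):
    """Read the same bytes as little-endian 32-bit words, as in post #5."""
    count = len(data) // 4
    words = struct.unpack(f"<{count}I", data[:4 * count])
    return [f"{word:08X}" for word in words]

def check_autoshare(reg_type, data):
    """Assumption: valid only as a REG_DWORD whose 4 data bytes encode 0 or 1."""
    problems = []
    if reg_type != "REG_DWORD":
        problems.append(f"type is {reg_type}, expected REG_DWORD")
    if len(data) != 4 or struct.unpack("<I", data)[0] not in (0, 1):
        problems.append(f"data {data.hex(' ')} is not a 4-byte 0 or 1")
    return problems

if __name__ == "__main__":
    raw = parse_dump_row(DUMP_ROW)
    print("as REG_SZ :", repr(as_reg_sz(raw)))
    print("as DWORDs :", as_dwords(raw))
    print("as posted :", check_autoshare("REG_SZ", raw))
    # Constructed case: the string "0" typed into the existing REG_SZ value.
    print('REG_SZ "0":', check_autoshare("REG_SZ", "0\x00".encode("utf-16-le")))
    # Constructed case: a real DWORD 0.
    print("DWORD 0   :", check_autoshare("REG_DWORD", struct.pack("<I", 0)))
```

Typing 0 into the existing entry in regedit changes only the string, so the entry stays REG_SZ; the second constructed case shows that this still fails both checks.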

#7
Razors (Member, Topic Starter)
i think that solved the problem, so far it hasn't frozen or restarted. so i was able to run spybot, trojan hunter and ad aware.. but now i have another issue but i don't think it's related, but it's with my graphics card. i bought a geforce 5200 over a year ago and now the fan has gone out in it. so until i get the new one, i went ahead and enabled the built in card. i took the geforce out and made sure that my pc was set back up to recognize the integrated one. problem is, when i run AVG my screen goes blank like it's in standby, and it won't come back on. sometimes the monitor does that when i'm running spybot too. i can hear windows running through my speakers, so i know it's not crashed. the only idea i tried was downloading new drivers, which did nothing. any ideas?
  • 0

#8
Razors (Member, Topic Starter)
:tazz: ok, that didn't solve my problem, but it's kinda weird how i was able to go that long without it doing that. i checked my error messages again, and it's still the same thing.. i did fix my issue with my vid card but the lockups still remain.. i have no idea what else to try
  • 0

#9
wannabe1 (Tech Staff)
Razors...

I'd like to have the experts in Malware take a look at your HJT log...would you post one in that forum and post a link to it back here so I can track it? Malware Forum

Also, please download Speed Fan, install it, and run it to monitor voltages and temperatures. Keep an eye on the temperatures as you run the machine...I'm particularly interested in the temp at or near the time of a hang.

wannabe1
  • 0

#10
Razors (Member, Topic Starter)
ok i installed pc fan, and made a post in the other forum as well:

http://www.geekstogo...son-t68216.html

on the Readings tab i have this in the little log window:

SMART Enabled for drive 1
Found Maxtor 6Y120L0 (122.9GB)
End of detection

and other information

Fan1: 2318 RPM
Fan2: 0 RPM

Local Temp : 46C (has green check by it)

Remote Temp: 49C (has a green check and sometimes a flame if it goes up, but mostly green)

HD0: 0C (has blue arrow pointing down)

HD1: 55C (this has a flame by it, hasn't changed)

i have not made any adjustments so far
  • 0

#11
Razors (Member, Topic Starter)
Win9x:NO 64Bit:NO GiveIO:YES SpeedFan:YES
I/O properly initialized
Linked ISA BUS at $0290
Linked Intel 82801AA ICH SMBUS at $1100
Scanning ISA BUS at $0290...
SuperIO Chip=LPC47m14x (PLEASE REPORT)
Sensor's Base Address : $0600
Scanning Intel SMBus at $1100...
ADM1021 (ID=$00) found on SMBus at $2A
Address $30 appears to be WRITE ONLY...
SMART Enabled for drive 0
Found Maxtor 4D040H2 (41.0GB)
SMART Enabled for drive 1
Found Maxtor 6Y120L0 (122.9GB)
End of detection
  • 0





