pc locks up/resets hijacked not sure what to do
Started by Razors, Oct 02 2005 03:46 PM
#1
Posted 02 October 2005 - 03:46 PM
#2
Posted 02 October 2005 - 03:53 PM
it's very hard to type, also i have been using hijack this, ad aware SE, trojan hunter, spybot and AVG Free.
also - this is my last hijacker log
Logfile of HijackThis v1.99.1
Scan saved at 3:52:19 PM, on 10/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\[bleep]\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myweb.cab...onal/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cableone.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: BitmapEx - {F756A28D-DCD5-46be-BCAB-17C088D07227} - C:\Program Files\BitmapEx\BITMAPEX.EXE
O9 - Extra 'Tools' menuitem: &BitmapEx - {F756A28D-DCD5-46be-BCAB-17C088D07227} - C:\Program Files\BitmapEx\BITMAPEX.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.cableone.net
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
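A small triage parser for the log format posted above, as an added example that is not part of the thread and not HijackThis's own code: it groups entries by section code and lists the ones that carry no publisher or no target, which are the entries a reviewer would look up first. The sample lines are copied from the post; the function names and the two review rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\crypserv.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cableone.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - ..." or "R1 - ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O23 bodies read "Service: <name> - <owner> - <path>".
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def parse(log):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_items(sections):
    """Entries with no publisher or no target: things to look up, not verdicts."""
    items = []
    for body in sections.get("O23", []):
        m = SERVICE.match(body)
        if m and m.group("owner") == "Unknown owner":
            items.append(("O23", m.group("name"), m.group("path")))
    for body in sections.get("O4", []):
        # Shortcuts are shown as "name.lnk = target"; an entry without " = "
        # is listed by file name only, so there is no path to check.
        if body.startswith(("Startup: ", "Global Startup: ")) and " = " not in body:
            items.append(("O4", body.split(": ", 1)[1], None))
    return items

if __name__ == "__main__":
    for item in review_items(parse(SAMPLE_LOG)):
        print(item)
```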
#3
Posted 02 October 2005 - 04:14 PM
Razors...Welcome to G2G!
Click Start then Run and type regedit...click "Ok". Expand (click the +) H_KEY_LOCAL_MACHINE...then expand System...then expand CurrentControlSet...then expand Services...then expand LanmanServer...and click on Parameters. In the right pane, select "AutoShareServer". What is its REG_DWORD value? Then select "AutoShareWks". What is its REG_DWORD value?
Post back with the REG_DWORD values and we'll proceed from there.
wannabe1
#4
Posted 02 October 2005 - 04:38 PM
ok, i got it open but.. i don't see an AutoShareServer in H_KEY_LOCAL_MACHINE/System/CurrentControlSet/Services/LanmanServer/Parameters but i did find AutoShareWks
AutoShareWks REG_SZ 3D0
and its value data: 3D0
0000 33 00 44 00 30 00 00 00 3 . D . 0 . . .
0008
i double checked to make sure i was in the right folder, but it has no AutoShareServer
#5
Posted 02 October 2005 - 04:41 PM
Dword value for AutoShareWks:
00000000 00440033 00000030
(forgot to post that the first time)
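The two readings posted above are the same eight bytes, which this added example (not part of the thread) shows: decoded as a REG_SZ they spell `3D0`, and read as little-endian 32-bit words they give the `00440033 00000030` from the second post. Function names are illustrative, and treating the leading `00000000` as the dump offset is an assumption.

```python
import struct

# Constructed from the bytes the poster quoted for AutoShareWks in regedit's
# binary view: "33 00 44 00 30 00 00 00".
RAW_HEX = "33 00 44 00 30 00 00 00"

def as_reg_sz(raw):
    """Decode value data the way a REG_SZ is stored: UTF-16LE, NUL-terminated."""
    return raw.decode("utf-16-le").split("\x00", 1)[0]

def as_dword_view(raw):
    """Read the same bytes as little-endian 32-bit words, as a DWORD-style dump shows them."""
    if len(raw) % 4:
        raw += b"\x00" * (4 - len(raw) % 4)  # pad so the last word is complete
    return [f"{word:08X}" for (word,) in struct.iter_unpack("<I", raw)]

def classify(reg_type, raw):
    """Say whether the data is the 4-byte REG_DWORD the helper's steps assume."""
    if reg_type == "REG_DWORD" and len(raw) == 4:
        return f"REG_DWORD {struct.unpack('<I', raw)[0]}"
    if reg_type == "REG_SZ":
        return f"REG_SZ string {as_reg_sz(raw)!r} ({len(raw)} bytes), not a DWORD"
    return f"{reg_type} with {len(raw)} bytes, unexpected for this value"

raw = bytes.fromhex(RAW_HEX)

if __name__ == "__main__":
    print(as_reg_sz(raw))            # the string regedit shows as the value data
    print(as_dword_view(raw))        # the words from the "Dword value" post
    print(classify("REG_SZ", raw))   # what the value actually is
    print(classify("REG_DWORD", (0).to_bytes(4, "little")))  # a DWORD holding 0
```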
#6
Posted 02 October 2005 - 05:00 PM
Razors...
Navigate to H_KEY_LOCAL_MACHINE/System/CurrentControlSet/Services/LanmanServer/Parameters, click on "AutoShareWks" and right click on REG_DWORD, choose "Modify". In the data value box (make note of the current value), type 0 and press "Ok". Reboot.
Let me know how it goes...
wannabe1
Edited by wannabe1, 02 October 2005 - 05:03 PM.
#7
Posted 02 October 2005 - 07:20 PM
i think that solved the problem, so far it hasn't frozen or restarted. so i was able to run spybot trojan hunter and ad aware.. but now i have another issue but i don't think is related, but it's with my graphics card. i bought a geforce 5200 over a year ago and now the fan has gone out in it. so until i get the new one, i went ahead and enabled the built in card. i took the geforce out and made sure that my pc was set back up to recognize the integrated one. problem is, when i run AVG my screen goes blank like it's in standby, and it won't come back on. sometimes the monitor does that when i'm running spybot too. i can hear windows running through my speakers, so i know it's not crashed. the only idea i tried was downloading new drivers, which did nothing. any ideas?
#8
Posted 03 October 2005 - 02:42 PM
ok, that didn't solve my problem, but it's kinda weird how i was able to go that long without it doing that. i checked my error messages again, and it's still the same thing.. i did fix my issue with my vid card but the lockups still remain.. i have no idea what else to try
#9
Posted 03 October 2005 - 02:59 PM
Razors...
I'd like to have the experts in Malware take a look at your HJT log...would you post one in that forum and post a link to it back here so I can track it? Malware Forum
Also, please download Speed Fan, install it, and run it to monitor voltages and temperatures. Keep an eye on the temperatures as you run the machine...I'm particularly interested in the temp at or near the time of a hang.
wannabe1
#10
Posted 03 October 2005 - 03:32 PM
ok i installed pc fan, and made a post in the other forum as well:
http://www.geekstogo...son-t68216.html
on the Readings tab i have this in the little log window:
SMART Enabled for drive 1
Found Maxtor 6Y120L0 (122.9GB)
End of detection
and other information
Fan1: 2318 RPM
Fan2: 0 RPM
Local Temp : 46C (has green check by it)
Remote Temp: 49C (has a green check and sometimes a flame if it goes up, but mostly green)
HD0: 0C (has blue arrow pointing down)
HD1: 55C (this has a flame by it, hasn't changed)
i have not made any adjustments so far
#11
Posted 03 October 2005 - 03:54 PM
Win9x:NO 64Bit:NO GiveIO:YES SpeedFan:YES
I/O properly initialized
Linked ISA BUS at $0290
Linked Intel 82801AA ICH SMBUS at $1100
Scanning ISA BUS at $0290...
SuperIO Chip=LPC47m14x (PLEASE REPORT)
Sensor's Base Address : $0600
Scanning Intel SMBus at $1100...
ADM1021 (ID=$00) found on SMBus at $2A
Address $30 appears to be WRITE ONLY...
SMART Enabled for drive 0
Found Maxtor 4D040H2 (41.0GB)
SMART Enabled for drive 1
Found Maxtor 6Y120L0 (122.9GB)
End of detection