Viruses? Trojans? Hijack this log



#1
CindyInItaly

    New Member

  • Member
  • 6 posts
I have had many problems with my system. I reinstalled Windows XP this morning and reinstalled a few drivers because files were missing that were needed to run the internet etc.

It keeps shutting down during a Norton scan, and during a Windows Update Install. I can pause the scan to stay online, but after a few minutes, it will still shut down. This happens ALL the time!!

If someone could please help me. I've posted in a couple other forums and have had no help! Thanks in advance!


Cindy

Here is my hijack this log:


Logfile of HijackThis v1.98.0
Scan saved at 3:27:53 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
  • 0


#2
ditto

    - i pwn n00bs -

  • Member
  • 1,260 posts
I don't see anything that looks like it is causing the problem. Try running a free online virus scan here:
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/
  • 0

#3
CindyInItaly

    New Member

  • Topic Starter
  • Member
  • 6 posts
Well, I have tried both scans, and both times my system shut down before it could finish scanning (I'd guess at about 60%). This happens in any type of scan of the system, and during installations such as Windows Updates. Any other suggestions?

I don't know everything about viruses, but perhaps there's a file that shuts down the computer once it is accessed by a scan?

Cindy
  • 0

#4
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Hi Cindy,

Did you post your entire Hijack This log? It seems truncated.
  • 0

#5
CindyInItaly

    New Member

  • Topic Starter
  • Member
  • 6 posts
Ok, good news! You can use this one for anyone else who has that weird "shut down" phenomenon happening. I found the answer on another help board. It seems to be a common problem with laptops running on XP. It appears that the accumulation of dust on the CPU prevents the cooling system from working efficiently. As a consequence, the security system shuts the computer down to avoid damage. Several guys found huge dust quantities within their computers. Such dust layers are able to insulate the CPU, and cause its temperature to increase dramatically... In return, Windows XP will shut down your system during the execution of processes requiring the CPU to run intensively (anti-virus scans, mp3 conversion...), or after a long time working.

I have set up a fan to hit my computer and keep it cool. I was able to run a complete virus scan, install all the XP updates, and keep my computer online for several hours with NO shut downs!! Looks like it just needs a good fan cleaning.

I still can't figure out why I can't access certain websites? I used to be able to pull them up, but can't anymore.

I didn't delete anything out of the log. Here is one from today:

Logfile of HijackThis v1.98.0
Scan saved at 10:14:06 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E12AE61-45D8-4D32-815E-1B304776FF12}: NameServer = 195.31.14.211 151.99.125.1
  • 0

#6
ditto

    - i pwn n00bs -

  • Member
  • 1,260 posts
Hey CindyinItaly,

Thanks for sharing what you found. That may certainly help other members here.

"I still can't figure out why I can't access certain websites?"


Are the sites secure? Meaning they begin with https://. Notice the s.

Also, close all windows and make sure HJT is open. Place a check next to the following entries and press fix checked:

O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?

Reboot your PC
  • 0
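
An added example, not part of the original thread or of HijackThis itself: a small Python triage pass over the entry lines of the 7/29/2004 log posted above. It pulls out the kind of entries acted on in this reply (Global Startup shortcuts listed as "= ?") and, going slightly beyond it, entries marked "(file missing)" and the O17 NameServer setting. The function names and the choice of checks are assumptions of this example; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Subset of the entry lines from the 7/29/2004 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoomail.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E12AE61-45D8-4D32-815E-1B304776FF12}: NameServer = 195.31.14.211 151.99.125.1
"""

# An entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Group entry lines by section code (R0, O3, O4, O17, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(sections):
    """Return (reason, code, entry) tuples for entries worth a manual look."""
    findings = []
    for code, entries in sections.items():
        for entry in entries:
            if entry.endswith("(file missing)"):
                findings.append(("target file missing", code, entry))
            elif code == "O4" and entry.endswith("= ?"):
                findings.append(("startup shortcut target shown as ?", code, entry))
            elif code == "O17" and "NameServer" in entry:
                servers = entry.split("=", 1)[1].split()
                findings.append(("DNS servers set: " + ", ".join(servers), code, entry))
    return findings

if __name__ == "__main__":
    for reason, code, entry in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{code}] {reason}\n      {entry}")
```
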

#7
CindyInItaly

    New Member

  • Topic Starter
  • Member
  • 6 posts
Yes, they are secure. I was using another board for help (amazingtechs.com) and can not get back to the page. I get a DNS error. I've only been able to get through once in the past month.

Also, Norton has popped up and said it's found 3 different viruses lately, but when I scanned today, they weren't found. I thought this was rather odd. Any suggestions on that?

Cindy
  • 0

#8
ditto

    - i pwn n00bs -

  • Member
  • 1,260 posts
Hey Cindy,

Well, since they were secure sites, try this - with all browser windows closed, go to Start->Run and copy and paste each of the following, hitting OK after each:
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll
Reboot, then try to access the sites that were giving you problems again.

ditto
  • 0

#9
CindyInItaly

    New Member

  • Topic Starter
  • Member
  • 6 posts
Still can't access it. I'm not too worried about it since I've gotten help now, but it's quite puzzling as to why that 1 site can't be pulled up! Thanks for all of your help though!!

Cindy
  • 0

#10
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Try using Hosts File Reader to reset your hosts file:

http://www.geekstogo...tion=show&id=22

To reset the host file to default, simply open the program, click the "reset default" button, and confirm the changes.
  • 0

#11
CindyInItaly

    New Member

  • Topic Starter
  • Member
  • 6 posts
I downloaded the file, and did as instructed, but I had no such luck....

Cindy
  • 0

#12
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Hi again Cindy, I can guess at why you may not be able to access the AmazingTech's site. Our site, and most others, routinely ban IP addresses, and sometimes blocks of IP addresses, from accessing our server. This can be for a number of reasons, but usually involves hacking attempts, or abuse. You should try emailing [email protected] with your IP address and let them know you're unable to access their site.
  • 0





