HELP! I'm desperate! and Hijack this

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

melonhead

Thread Starter
Joined
May 6, 2002
Messages
882
OS 98

I have a computer who has a computer that was and still is a mess. The computer was infected by the Istbar Trojan. Supposedly now it is only in the system restore but I can't get it off because anytime I try to run AVG or Adaware the computer crashes. This also happens when I try to start AOL 8.0 for broadband. So, I brought her computer home and hooked it up to my cable so that I could download some additional programs and to consult with TSGF since I am stumped. I have run Spybot and cleaned everything off. I ran the registry scan from Norton and got a bunch of stuff off. She was having an error message with Quicktime, so I uninstalled and then still found more Quicktime files in start up and in the registry which I had to delete one by one. Since that things are better, but still bad. I did run hijack this and got some bad programs off, but want to consult here before further deleting. Please note that I have a number of startup items checked to not load otherwise I cannot get into normal Windows, only safe mode.

When the computer crashes when I try to run AVG or any other program, if I try to get directly into normal windows, I get a number of Kernel32.dll errors and then it stalls. I then can open in Safe mode, and reboot without the kernel32.dll errors. The error messages include a number of start up things like task AVGcc.exe or NortonP.exe. All programs that usually load up. (Even though I had many of them checked up not to start via selective startup.)

Anyway here is the Hijack this. Could someone please look and advise. Also any other suggestions - a scan on the net, etc. will be appreciated!!!


Thanks in advance!

Logfile of HijackThis v1.97.7
Scan saved at 4:44:22 PM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38044.3046990741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

melonhead

Oops the first line should say I have a client who has a computer!! Sorry for the confusion.
 

melonhead

Oh, one more thing. I just tried to run housecall. It gets about 95% of the engine downloaded and then freezes.
 

melonhead

I've solved a lot more since post, i.e. I can always get into normal windows now. However, I still cannot run AVG or Adaware or Panda etc. And I guess I'm going goo goo eyes. I am running Windows ME. I've only seen the 50 times I rebooted today! :) Please help if you have any suggestions. I just can't figure out why it starts a scan and then shuts off.

Thanks
 
Joined
Oct 9, 2001
Messages
9,396
Hi :)
There's nothing showing up in your log, but if you are using MSConfig that could be why.......you're going to have to enable all and somehow post a log of the full running processes so we can see everything that's happening.

Also......do I see both AVG and NAV running......not a good idea.

I would disable both for now till you're able to give us a full HijackThis log.
;)
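
The reply above asks for a log that shows everything that actually loads. As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses an excerpt of the log posted here and lists the O4 startup entries whose image is not among the running processes. The function names and the two regexes are assumptions based on the v1.97.7 text layout visible on this page.

```python
import re
from ntpath import basename

# Excerpt of the HijackThis log posted in this thread (trimmed).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Image path = text up to the first executable extension (paths may contain spaces).
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat))', re.IGNORECASE)

def parse_log(text):
    """Return (set of running image names, list of (key, name, image) for O4 lines)."""
    running, autoruns, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.add(basename(line).lower())
        elif in_procs:            # blank line ends the process list
            in_procs = False
        else:
            m = O4_RE.match(line)
            if m:
                img = IMAGE_RE.match(m["cmd"])
                image = basename(img.group(1)).lower() if img else m["cmd"].lower()
                autoruns.append((m["key"], m["name"], image))
    return running, autoruns

def autoruns_not_running(text):
    """O4 entries whose image name does not appear under 'Running processes:'."""
    running, autoruns = parse_log(text)
    return [(key, name, image) for key, name, image in autoruns if image not in running]
```

An entry in this list is only a starting point for triage: some startup items, such as a one-shot registry check, run and exit normally, so absence from the process list does not by itself mean the item was blocked or disabled.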
 

melonhead

Oops, posted this on wrong thread. Sorry if there is a duplication. Thanks, steve, for replying. I've been on this stupid computer for more hours than I want to admit!
I don't have NAV and AVG running. Was clean sweep and utilities. However I uninstalled and it was still on. Tried to remove again and was unable because so files were missing. I did disable in start up so that I could at least get in to normal windows.

Here's the scan.
Logfile of HijackThis v1.97.7
Scan saved at 4:44:22 PM, on 4/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38044.3046990741
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
 

melonhead

Thanks. I thought I cleaned it out. But do you have any other suggestions? It just shuts down anytime I try Adaware, Panda etc. There has got to be something that is hanging it up and then stopping. I'm kind of at a loss of what to do. Thanks!
 

melonhead

the computer and then I have to go into safe mode and reboot otherwise I can't get into normal windows
 