1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijackthis problem

Discussion in 'Virus & Other Malware Removal' started by angielynn, Apr 24, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    A friend of mine is having probs......not sure what though lol The first problem is ... when she tries to run hijackthis she gets an error message saying
    "invalid picture". Anyone know how to fix this?

    We tried deleting it and downloading it again and still have the same problem.

    Thank You
    Angie
     
  2. Pancake

    Pancake

    Joined:
    Jan 9, 2004
    Messages:
    313
    This one is new on me.What operating system are you using.
     
  3. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    ME and we just ran a virus scan and found this TROJ TOMADI.A.
     
  4. Pancake

    Pancake

    Joined:
    Jan 9, 2004
    Messages:
    313
    Download "Spybot S&D" Close all running programs, install then reboot.
    Start it and go online and press 'search for updates' tab. (NOTE: if you have problems,
    select the US or Australian mirror site to download updates from). Download all updates
    that aren't optional. Close all browser windows and run the scan. When it's finished,
    'Check All', and fix everything SpybotSD labels in RED. Reboot.

    If you can get HKT running ,post the log here
     
  5. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    thank you pancake

    we are running adaware right now . as soon as it is done we will run spybot and see if hijack will work.

    thank you

    Ang
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Right-click on HijackThis and choose "open with".......make sure its associated with notepad.
    ;)
     
  7. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    Steve

    When she right clicks on hjt it only says "open" it doesn't give her "open as" as an option.
     
  8. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    we ran spybot s&d and now hijackthis is working ..... she's rebooting right now and when she gets back I will post a new hijackthis file. Thank you all for your help!!!
     
  9. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    new hijackthis log

    Logfile of HijackThis v1.97.7
    Scan saved at 5:19:00 AM, on 4/24/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE
    C:\PROGRAM FILES\FSI\F-PROT\F-SCHED.EXE
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>;127.0.0.1
    N1 - Netscape 4: user_pref("browser.startup.homepage", "allaboutsearching.com");\nuser_pref("browser.startup.page", 1);user_pref("network.max_connections", 4); (C:\Program Files\Netscape\Users\glimm\prefs.js)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [SpyStopper] C:\PROGRAM FILES\SPYSTOPPER\spystopper.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [F-STOPW.EXE] "C:\Program Files\FSI\F-Prot\F-STOPW.EXE"
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
    O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
    O15 - Trusted Zone: http://groups.msn.com
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://mx253.sb03.com/apps/softsearch/247_ax1.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
     
  10. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Spybot must have got whatever it was,the log is clean......but you should remove one of the A/V programs....not wise to run two.
    I would have HijackThis fix this entry:
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://mx253.sb03.com/apps/softsearch/247_ax1.cab

    Consider installing the following:

    SpywareBlaster v 3.0 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection: http://www.wilderssecurity.net/index.html

    IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm
    ;)
     
  11. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    Thank you Steve

    One question ...... should she have spybot and spywareblaster or do they do different things?
     
  12. Pancake

    Pancake

    Joined:
    Jan 9, 2004
    Messages:
    313
    SpywareBlaster is good to keep as it stops the nasties from being installed.I use it.You can keep SpyBot just to do the odd scan but remember to update it.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223388

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice