1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Rollin Rog told me to post my HJT log here.

Discussion in 'Virus & Other Malware Removal' started by sk8nkid99, Jan 29, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. sk8nkid99

    sk8nkid99 Thread Starter

    Joined:
    Jan 28, 2005
    Messages:
    10
    Lately I've been having a problem with my computer, I will turn it on then after 10-20 minutes or so I'll try to open Taskmanager and it wont open, but the green status square appears in the start bar, near the clock (the box shows how much of the RAM is in use)... Also when Taskmanager wont open other programs wont either, such as AOL Instant Messenger, ICQ, Excel, Word, etc.

    I dont know what the problem is, I have 768 MB of RAM and a 2.6 Ghz processor, when it happens I'm not running a lot of programs, infact most of the time no program is running

    The only way to fix it is to restart the computer, but I shouldn't need to restart my computer 10-15 times a day just so it works properly, does anyone know what may be wrong with it?


    Here's my HJT log

    Logfile of HijackThis v1.99.0
    Scan saved at 11:14:22 AM, on 1/29/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NetAssistant\bin\mad.exe
    C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
    C:\WINDOWS\system32\windns.exe
    C:\WINDOWS\System32\srss.exe
    C:\WINDOWS\System32\ehshell.exe
    C:\WINDOWS\System32\Studio.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\NetAssistant\bin\mpbtn.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Desktop\Stuff\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\windns.exe
    O4 - HKLM\..\Run: [Microsoft Update] srss.exe
    O4 - HKLM\..\Run: [Media center] ehshell.exe
    O4 - HKLM\..\Run: [Sygate Personal Block] Studio.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] srss.exe
    O4 - HKLM\..\RunServices: [Media center] ehshell.exe
    O4 - HKLM\..\RunServices: [Sygate Personal Block] Studio.exe
    O4 - HKCU\..\Run: [Microsoft Update] srss.exe
    O4 - HKCU\..\Run: [Media center] ehshell.exe
    O4 - HKCU\..\Run: [Sygate Personal Block] Studio.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106973361936
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D7EBAA3-A5C9-465A-BDF3-3B786C9212E4}: NameServer = 206.47.244.50 206.47.244.79
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0D7EBAA3-A5C9-465A-BDF3-3B786C9212E4}: NameServer = 206.47.244.50 206.47.244.79

    hopefully i can get this resolved
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    [​IMG] Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View

    If HijackThis has not been downloaded or copied to a permanent folder, move it there before beginning.



    Then:

    1 >> Restart in Safe Mode. Instructions here if you need them:http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    2 >> In Safe Mode run HijackThis and check and "fix" the following entries:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

    O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\windns.exe
    O4 - HKLM\..\Run: [Microsoft Update] srss.exe
    O4 - HKLM\..\Run: [Media center] ehshell.exe
    O4 - HKLM\..\Run: [Sygate Personal Block] Studio.exe

    O4 - HKLM\..\RunServices: [Microsoft Update] srss.exe
    O4 - HKLM\..\RunServices: [Media center] ehshell.exe
    O4 - HKLM\..\RunServices: [Sygate Personal Block] Studio.exe
    O4 - HKCU\..\Run: [Microsoft Update] srss.exe
    O4 - HKCU\..\Run: [Media center] ehshell.exe
    O4 - HKCU\..\Run: [Sygate Personal Block] Studio.exe


    3 >> Go to Start > Run and enter cmd and a command shell will open. At the prompt carefully type and enter each line:

    del C:\WINDOWS\system32\windns.exe
    del C:\WINDOWS\System32\srss.exe
    del C:\WINDOWS\System32\ehshell.exe
    del C:\WINDOWS\System32\Studio.exe


    Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire.

    Go to Start > Run, enter %temp% and then click Edit > Select All. Right click on the selected files and folders and delete them

    >> Reboot and post a new Scanlog. Let us know if the problem persists.
     
  3. sk8nkid99

    sk8nkid99 Thread Starter

    Joined:
    Jan 28, 2005
    Messages:
    10
    Logfile of HijackThis v1.99.0
    Scan saved at 12:03:20 PM, on 1/29/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Documents and Settings\Administrator\Desktop\Stuff\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106973361936
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    heres the new log :D

    also do u happen to know what program is making my load up time LONG!! cause it will load up but i cannot do anything untill the messenger icon comes up on the bottom right corner. would it be msn making it longer?
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    There is nothing in the current Scanlog that would cause excessive load time. Is this still occuring?

    Also try shutting down and leaving it cool off for a while. Slow performance can sometimes be a heat issue.

    To test whether "messenger" or any of the other "legit" entries in startup is a factor, run msconfig

    and try unchecking the "load startup" items. If it boots quickly that way, then something under the startup tab is causing it. You can selectively troubleshoot those.

    By the way, although not "malware" you don't really need this there:

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    http://www.liutilities.com/products/wintaskspro/processlibrary/updreg/

    You are also badly in need of Windows updates, both for your Operating System and for Internet Explorer, which at the very least should be updated to sp1 and the cumulative patch applied.

    You may want to consider installing XP SP2 which includes an update to IE.

    If you do, be sure you know the caveats and how to remove it if the install mis fires.

    You can find most info for this in the Microsoft section of the Security HelpTools thread in this forum.

    See also:

    http://forums.techguy.org/t267260.html
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Rollin told post
  1. Kirov
    Replies:
    0
    Views:
    289
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324617

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice