
Solved: Hijackthis log and scan disk problem

Discussion in 'Virus & Other Malware Removal' started by angielynn, Jan 29, 2005.

Thread Status:
Not open for further replies.
  1. angielynn

    angielynn Thread Starter

    Joined:
    Apr 2, 2004
    Messages:
    483
    Hello all!

    I'm having a few problems

    1. When I run scandisk it hits 20% and stops.

    2. The last 2 or 3 days my computer has been running really slow. If I have 2 or more pages open and try to use f11 or click on my favorites button it takes ages to respond. If I try to open a new window it will freeze for 5 to 10 seconds.

    I ran Ad-Aware and AVG (made sure that I updated both before scanning) and they didn't find anything.

    Any help will be greatly appreciated!!



    Logfile of HijackThis v1.99.0
    Scan saved at 1:53:18 AM, on 1/29/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\CallWave\IAM.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095572800578
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{74F4EDE0-2230-4606-A2B2-05C5E09422A5}: NameServer = 205.171.3.65 205.171.2.65
    O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
     
  2. RAM-PAGE

    RAM-PAGE Banned

    Joined:
    Dec 19, 2004
    Messages:
    2,355
    Hello AngieLynn, LimeShop seems to be the problem here (http://www.2-spyware.com/remove-limeshop.html). I would remove it from your system.

    Then use CCleaner to clean up your system and remove a lot of junk files.

    Have you updated AdAware recently? You should also try SpyBot SD and SpywareBlaster, as most of us use all three programs, plus Microsoft has its new Beta AntiSpyware program available on the downloads page.

    My IE home page: http://v5.windowsupdate.microsoft.com/library/toolbar/3.0/sitemap/en-us.mspx

    You don't appear to have added SP2 or updated the OS recently which could be giving you problems. Is there a reason for not doing so?

    Couple of other things. How much RAM does your system have, how big is the drive, and is it partitioned? If so have you imaged the drive so that you can restore easily in case of mishap?

    When you run CheckDisk it may help to run Disk Cleanup first. (Do you see disk cleanup compressing old files, btw?) and then run chkdsk by right-clicking on the drive icon(s), choosing Properties, Tools, Check Now... , and checking both check-boxes, then clicking OK so that CheckDisk runs on re-boot.

    Nice to see the quote from Etienne de Grellet, a French Quaker.
     
  3. angielynn

    angielynn Thread Starter

    RAM-PAGE thank you for your help!

    Here's what I've done so far.

    Found out that hubby has been turning AVG off when he uses the comp because he thought that it was a graphics program. I found a virus this morning when I ran it and had AVG remove it.

    I removed LimeShop through Add or Remove Programs. It said it removed the file, but it's still on the list.

    I haven't added SP2 or updated recently because my dial-up takes ages to download and usually ends up booting me offline before I'm even close to done. I'll be on cable by the end of the month and will update those as soon as I am.

    I'm sorry, when I said scan disk I meant disk cleanup. It will start but never finishes. I've started it and let it be for hours and it never finishes. Says compressing old files and 2 or 3 little green blocks show up but it never goes past that point.

    40GB on the drive but I'm not sure about RAM. How do I check that? And as for being partitioned, I have no idea :eek:

    I will download SpyBot SD and SpywareBlaster this week.

    Thanks so much for your help.
     
  4. RAM-PAGE

    RAM-PAGE Banned

    My pleasure. :)

    The compressing old files hold up is a known fault. Later editions of XP don't seem to have this registry key so it is safe to delete.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;812248 will explain what to do. I did this with my older version of XP and Disk Cleanup never hung up after that.

    Having removed LimeShop once will you try it again and see if you can just remove the entry in Add-Remove programs. (Might need to use HijackThis if it doesn't come off the system, we'll see.)

    Waiting to install SP2 with broadband is certainly a better idea. Don't let it install itself, instead download the entire file from the MS Download site to your computer.

    Then use AutoStreamer 1·0 to slipstream SP2 together with the core files from your XP CD whereby you get an .ISO file from which to burn an up-to-date XPSP2 CD so that you can run: sfc /scannow , to repair system files in future, and THEN add SP2 to your system by running the WindowsXP-KB835935-SP2-ENU.exe file from your HDD. (ENU is the English version.)

    You can then also install the Recovery Console to the hard-drive which makes it easier to get to.

    To find the amount of RAM right-click - Your - My Computer and open the Properties and see what it says on the General tab.

    If you have one drive with all 40Gb (38146.97Mb or 37.25Gb) then there is only one partition.

    I have a friend called Ettiene. Comes from Chad.
     
  5. angielynn

    angielynn Thread Starter

    Thank you so much RAM-PAGE!

    I went to the link that you gave me for disk cleanup and did what it told me. Ran disk cleanup after that and it worked perfectly! Thank you!

    Since it's working fine can I go ahead and delete the Volume Caches backup that I made? Or should I hold on to it?

    I tried to remove LimeShop again and it gave me this error.

    ERROR: Could not execute Main : The system cannot find the file specified.

    I have 256 MB of RAM and yes, all 40GB are on one drive.

    Here is a new HijackThis log.

    C:\Program Files\CallWave\IAM.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095572800578
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{74F4EDE0-2230-4606-A2B2-05C5E09422A5}: NameServer = 209.244.0.3 209.244.0.4
    O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
     
  6. RAM-PAGE

    RAM-PAGE Banned

    My pleasure. Thank you. :)

    Works every time for the Disk Cleanup routine. If you use CCleaner you can remove a lot of other junk files. Just be careful, especially with file extensions, and make backups of anything you are not sure about.

    Regarding the Volume Caches key backup. I generally hold onto these for about a month until I am satisfied that there is no problem. With this particular key backup I deleted it after running Disk Cleanup several times without mishap.

    When it comes to good backups I have a drive image of the Operating System drive (C: ) and backup data from drives D:, E:, & F: to CDRs.

    I then have an Automated System Recovery (ASR) diskette and keep the backup for it at F:\BackupC\BackupC.bkf

    Now that Limeshop is going this entry can go:

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

    When you get the message: ERROR: Could not execute Main : The system cannot find the file specified. Do you get an option to remove the Entry from the Add-Remove list?

    I'll give you my thinking on RAM for XP.

    I had ME on this machine with 256Mb PC133 SDRAM and found that it ran better with 512Mb. More can be a problem with ME and Vcache settings.

    With XP 256Mb is slow, and you can get low Virtual Memory warnings.
    With 512Mb the system is four times faster and you get no Virtual Memory Warnings. Internet Explorer is MUCH faster even with an Ethernet Modem.

    As my motherboard has three slots I have 3 x 256Mb modules giving 768Mb which means that I can run with 14 open applications even with a paltry 1·0GHz PIII, and it also means that I have a spare, as the computer runs very well on 512Mb.

    Some say that adding RAM can produce a performance decrease. Not if your power supply is up to running 3 x 5 watts more (5 watts for each module).

    With one module in the processor reads 999MHz
    With two modules in the processor reads 1000MHz
    With three modules in the processor reads 998MHz

    At the moment I am running on 512Mb as one module has a problem and I have to order another.

    These three 256Mb modules cost me $38 each and I bought all three at the same time, keeping the old modules for when I sell this computer on.

    So I would say that you should add another 256Mb module and see how your computer performs.

    I find it safer to partition the drive as you can see. With this 80Gb drive I use a 10240Mb drive C: partition to load XP Professional which allows plenty of space for a paging file (up to the max of 2048Mb) and which also allows for a minimum of 15% drive-space so that defrag will run without any problem.

    When SP2 came out I decided to do a clean re-install, so I downloaded the entire SP2 file to the hard-drive and then used a freeware program called AutoStreamer 1·0 to slipstream the SP2 service pack together with the core files from my XP CD. AutoStreamer makes an .ISO file from which to burn a new XPSP2 CD and then you use this new CD to do the installing.

    You just have to boot directly to it, delete all old partitions, make new ones and format them to NTFS then continue with the installation, making sure that the next program(s) installed is your Anti-Virus & Firewall, so that when you do reconnect the modem to go on-line your first update is the Anti-Virus so that you can immediately scan the system.

    I then update the Operating System and add AdAware SE, SpyBot SD and SpywareBlaster (and now Microsoft's free beta Antispyware program), update them all and scan everything for Trojans.

    After running CheckDisk (chkdsk) and Defrag I then load all other software, Office, NERO burning and so on.

    After tuning, removing icon arrows, and all icons except the Recycle Bin off the desktop and getting it all to my liking I load the Recovery Console to the hard-drive, image the drive and make an ASR backup as above.

    So I would put in another 256Mb, and, when you get your broadband connection, slipstream SP2 and do a re-install to a partitioned drive. You should see a dramatic improvement in overall running.

    It is all good practice too!
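
Comparing the two scans posted in this thread and checking for leftovers of the uninstalled program can be done mechanically. The following is an added example and not part of any post: a small Python parser for HijackThis entry lines that diffs two scans and lists entries still mentioning a given name. The function names are hypothetical, and the sample logs are abbreviated from the two logs posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")
# Entry lines look like "O4 - HKLM\..\Run: [...] ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sample input abbreviated from the first and second logs in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{74F4EDE0-2230-4606-A2B2-05C5E09422A5}: NameServer = 205.171.3.65 205.171.2.65
"""

LOG_AFTER = r"""
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{74F4EDE0-2230-4606-A2B2-05C5E09422A5}: NameServer = 209.244.0.3 209.244.0.4
"""


def parse_log(text):
    """Return the entry lines of a log as Entry(code, detail), in order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in the first scan, only in the second."""
    old, new = parse_log(before), parse_log(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


def leftovers(text, name):
    """Entries that still mention `name` (case-insensitive), e.g. after an uninstall."""
    needle = name.lower()
    return [e for e in parse_log(text) if needle in e.detail.lower()]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print("removed:", e.code, e.detail)
    for e in added:
        print("added:  ", e.code, e.detail)
    for e in leftovers(LOG_AFTER, "LimeShop"):
        print("leftover:", e.code, e.detail)
```

On the sample, the diff reports the MSConfig Run entry as removed and the O17 NameServer value as changed, and the O8 LimeShop context menu item is listed as a leftover in the second scan.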
     
  7. angielynn

    angielynn Thread Starter

    I removed the LimeShop entry through HijackThis.

    I don't get an option to remove it from the Add/Remove list when I get the error.

    When I add cable I plan on moving up to 512MB.

    I'll make sure I tell hubby about installing SP2 and let him do it lol. It's a bit above my head but I will watch so that I understand what's going on.

    Once again thank you for your help!
     
  8. RAM-PAGE

    RAM-PAGE Banned

    My pleasure.

    Hope the SP2 install goes well when the time comes.

    Nice knowing you.

    I like your line about tact.

    "Acute sensitivity to what is proper and appropriate in dealing with others, including the ability to speak or act without offending."

    It certainly is better than taking a vow of silence and sneaking about in the background, which makes a mockery of Free speech and self-determination.
     
Short URL to this thread: https://techguy.org/324543
