Multiple Problems, Freezing Spybot/adaware


  • Please log in to reply
2 replies to this topic

#1 Xalten


Posted 13 July 2006 - 08:17 AM

Hey, I'm having multiple problems with a friend's laptop here and I don't know what she got into.

What I've done thus far.
The computer wouldn't even boot right so I booted to safe mode and killed all the startup processes in MSCONFIG
It then allowed me to boot normally so I did and un-installed all of the programs they didn't need
Tried to install ad-aware but the install froze at "Searching for previous installed components"
Installed Spybot and tried to run and it froze or started going extremely slow @ bot check 599
Ran HijackThis and killed a lot of things I was sure of that shouldn't be there.
Installed AntiVir and scanned (200+ things found)
It finally let me install adaware so I did that and it freezes up at around 56000 files while scanning the registry in one of the /SOFTWARE/ folders

So this is where I sit now. Not sure what is wrong but Spybot and Adaware are still freezing. The computer is running a lot better though (IE Can get online, boot up normal, not get re-directed to bogus sites) but I'd like to be able to do some full scans just to make sure and get everything off. Below is the last HijackThis log I took which I really don't see anything else that I can do with it.

Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 4:04:08 PM, on 07/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/069cbad842ea28...ip/RdxIE601.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe


#2 Xalten


Posted 13 July 2006 - 09:42 AM

Just an update. I did a scan with adaware disabling the deep registry scan since that is where it was hanging. It completed that scan (899 things found) and now I'm trying again with the full system scan. I have never seen a computer this messed up!

#3 OldTimer

    Malware Expert

Posted 23 July 2006 - 02:32 PM

Hello Xalten and welcome to the BC HijackThis forum. There really isn't much of a log and what is there looks Ok. The biggest problem with this system is how out of date the operating system is. I would start by updating the operating system to SP1 (we'll do SP2 after we see if anything pops up on SP1). The way it is now, it's just like a big security sieve letting anything and everything through.

Follow these directions:

Your operating system is extremely out of date. By not keeping the OS updated the computer is vulnerable to every infection on the net and in emails today and trying to repair an unpatched system is virtually impossible. For update purposes, Microsoft has even stopped supporting a system that is this far out of date. Go to the Microsoft Windows XP Service Pack 1.a site and install Service Pack 1a.

Once that is done, go back to the Windows Update site and install all available Critical Updates but do not install SP2 at this time. This will patch the system with the most current security fixes and plug all the known holes which are present on this system. If you are not on a broadband connection the Service Pack can be obtained from Microsoft for a nominal shipping fee.

After all of the updates have been performed post a new HijackThis log back here using the Add Reply button and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
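
Added example, not part of the thread and not code from any poster: a small Python parser for the HijackThis log layout shown in the first post, reporting the service-pack level from the header lines and how many entries each section code has. The function names are my own, the sample is an abridged, constructed copy of the posted log, and it assumes HijackThis names an installed service pack before the parenthesised build string.

```python
import re
from collections import Counter

# Constructed sample: abridged copy of the log layout posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\Ati2evxx.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
"""

HEADER = re.compile(r"^(Platform|MSIE): (.*)$")   # patch-level header lines
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # e.g. "O23 - Service: ..."
SP = re.compile(r"\bSP(\d)\b")

def parse_hjt(text):
    """Split a log into header fields, running processes and (code, detail) entries."""
    header, processes, entries = {}, [], []
    in_procs = False
    for line in (raw.strip() for raw in text.splitlines()):
        head, entry = HEADER.match(line), ENTRY.match(line)
        if head:
            header[head.group(1)] = head.group(2)
        elif line == "Running processes:":
            in_procs = True
        elif entry:
            in_procs = False          # first coded entry ends the process list
            entries.append((entry.group(1), entry.group(2)))
        elif in_procs and line:
            processes.append(line)
    return header, processes, entries

def service_pack(field):
    """Assumption: an installed SP is named before '(build)'; 0 means none named."""
    m = SP.search(field.split("(")[0])
    return int(m.group(1)) if m else 0

def summarize(text):
    """Patch level per header line, process count, and entry count per section."""
    header, processes, entries = parse_hjt(text)
    sp = {k: service_pack(header.get(k, "")) for k in ("Platform", "MSIE")}
    return {"sp": sp, "processes": len(processes),
            "sections": dict(Counter(code for code, _ in entries))}
```

On the posted log the Platform line names no service pack while the MSIE line names SP1.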
