
HJT log - eaglesimvac2


10 replies to this topic

#1 eaglesimvac2


Posted 18 December 2004 - 07:34 AM

description of the problem: recently, 3 months ago, i installed win xp pro with sp2. the sp2 came with the cd. everything worked just fine till a month ago. then the pc started to freeze every time i surfed the net. those freezes require a restart of the machine. during a search on the net, i found out that the freezes were caused by the ActiveX controls. once i disabled them via the security tab in internet options, the pc doesn't hang every time i surf. i would like to enable the ActiveX controls so i can watch flash animation on the net. i've tried everything. even format. nothing helped. system info: pIII, 450 MHZ, 64 RAM. about the amount of RAM, you're going to tell me that i should put in more ram. but it worked just fine with this amount of ram during the previous 2 months. so i don't think that this is the issue here. i created a hijackthis log, maybe the answer is there. i really appreciate your help!!! thanx a lot!!!

hijackthis log:
Logfile of HijackThis v1.99.0
Scan saved at 14:18:13, on 18/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\ICQ\Icq.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\UNKNOW~1\LOCALS~1\TEMP\$wc\HIJACK~1.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C9819A-E019-498C-98EF-F4628A7AD488}: NameServer = 212.143.212.143 194.90.1.5
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe


*****************
nothing was deleted from the current log.

thanx again.



#2 daveai


Posted 18 December 2004 - 09:16 PM

Your logfile is being analyzed now, and a response will be posted shortly.

Thanks
daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#3 daveai


Posted 18 December 2004 - 09:44 PM

Thank you for sending your HijackThis log.


You are running HijackThis from temp files, which is an unsafe location.

Please move your "HijackThis.exe" into a newly created folder (such as C:\HJT) to ensure that backup files are reliably saved. We're eventually going to clean out the tempfiles as part of the fix.

It may be easier to simply download the latest version of HijackThis (v1.99) and unzip it into C:\HJT.


I find a single problem in your HijackThis log. I cannot tell if it is causing your system problems, but it needs to be fixed. At the same time, I am recommending that you run several other automated scanner/cleaners for malware.


To start, follow this link for instructions to enable 'show all files' for your system.


1 -- Please follow the instructions in this link below to download and run Spybot & AdAware SE: Spybot & Adaware Tutorial

Please let me know if anything can not be cleaned by these utilities.


2 -- Run HijackThis, and press Scan, and put a check against the following entries, if they still show up. Make sure all browsers and program windows are closed except for HijackThis.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm


Once you have selected all the items for HJT to fix, and remember to make sure all browsers and program windows are closed except for HijackThis, then click fix checked.


3 -- Reboot into Safe Mode (How do I boot into "Safe" mode?), then use Windows Explorer to delete the following lists of program files and folders, if they still exist.


C:\WINDOWS\SYSTEM\blank.htm <-- this file


4 -- Next, clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these three boxes and then press ok to remove: Temporary Files, Temporary Internet Files, Recycle Bin.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Please let me know about any problems with the temp file deletes.

Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete. Rinse, lather, repeat until folder is empty.



5 -- Now, reboot normally and run either of these two Online virus scans: Panda Active Scan or TrendMicro Housecall and put on Auto Clean.


Now, reboot once again, and run HijackThis to create a new logfile. Repost it here, and if you had any problems with the steps outlined above, please let us know what they were.

Thanks
daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#4 eaglesimvac2


Posted 20 December 2004 - 11:15 AM

thanx a lot for the answer! i'll try every one of the steps above, and reply with an answer with the solution. thanx a lot again!

#5 eaglesimvac2


Posted 20 December 2004 - 01:19 PM

first of all thanx a lot for the answer. i hoped it helped. i've done step-by-step every one of the steps described in the post. i didn't have any problems deleting the items that spybot s&d and ad-aware se found. i fixed the entry that you told me, using hijackthis, and did a search for a file called blank.htm in safe mode. i didn't find the file in the location c:\windows\system , but i did find it in 3 different locations:
c:\windows\system\oobe\blank.htm
C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
c:\program Files\Common Files\Microsoft Shared\Stationery\blank.htm

also, i've deleted all the temporary internet files and temp files as you told me. i restarted the pc and ran the panda scan you recommended to me. it didn't find any virus. for the scan i had to enable the activeX components, which is causing the problem i am suffering. finally i did a hijackthis log as you told me. here is the log:

Logfile of HijackThis v1.99.0
Scan saved at 20:06:09, on 20/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Brian's\Setups\7676\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

********************** END OF THE LOG

i am not sure that the problem is gone, this is a thing i am going to examine during the next days. meanwhile, i wanted to thank you for your help. if the problem is gone, or if it isn't, i'll post a msg during this week.

thanx a lot again!
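
The comparison a helper makes between the first and second HijackThis logs in this thread, as an added example that is not part of any post: it parses a log into running processes and section entries, flags a HijackThis executable running from a temp directory, and diffs two scans. The sample logs are shortened excerpts constructed from the logs above, and the function names are hypothetical.

```python
import re

# Constructed, shortened excerpts of the two logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\UNKNOW~1\LOCALS~1\TEMP\$wc\HIJACK~1.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
"""
LOG_AFTER = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
D:\Brian's\Setups\7676\HijackThis.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

# Section lines look like "R0 - ...", "O4 - ...", "O16 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (running_processes, entries); entries is a list of (code, text)."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def hjt_in_temp(procs):
    """True if HijackThis runs from a temp directory (8.3 short names included)."""
    for p in procs:
        parts = p.lower().split("\\")
        if parts[-1].startswith("hijack") and any(d in ("temp", "tmp") for d in parts[:-1]):
            return True
    return False

def diff(before, after):
    """Entries removed and added between scans; Windows paths compare case-insensitively."""
    key = lambda e: (e[0], e[1].lower())
    b = {key(e): e for e in parse(before)[1]}
    a = {key(e): e for e in parse(after)[1]}
    return [b[k] for k in b if k not in a], [a[k] for k in a if k not in b]
```

The case-insensitive comparison matters here because the same MCUpdateExe Run entry appears with different letter case in the two logs and would otherwise show up as a change.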

#6 daveai


Posted 20 December 2004 - 09:02 PM

Thank you for the update and the excellent details.

You are very welcome. It is a pleasure to help.

The HijackThis logfile is now clear of any malware. Well done :flowers:

I will look forward to your progress report in a few days.


Now, please allow me to suggest some prevention steps to keep your computer clean and secure going forward. You have already taken two of these steps, but it never hurts to take a quick look :thumbsup:

1 -- Make sure you update your McAfee anti-virus program at least once a week.

2 -- To reduce re-infection potential for malware in the future, I strongly recommend installing three free programs: SpywareBlaster, SpywareGuard, and IE/Spyad.

3 -- Use AdAware SE and Spybot S&D to regularly scan your system.

4 -- Continue to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

5 -- I strongly recommend that you consider using a software Firewall. Just using a Firewall in its default configuration can lower your risk greatly. Check out what Lawrence Abrams has to say at Understanding and Using Firewalls.

An excellent overview is: So how did I get infected in the first place?. Be sure to visit the browser test link at the end of the article to really see how secure your system is!!

Thanks
daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#7 eaglesimvac2


Posted 21 December 2004 - 01:09 PM

first of all thanks for all the suggestions. i will apply each of them soon. firewall i have already. i am using the windows firewall. i always keep my windows up to date, using windows update tool.

by yesterday i've noticed the same problem. the pc just freezes while surfing the net using IE. i can't tell why.
it all started once when i installed Adobe Photoshop album 2.0 which requires 256 RAM. i needed it so bad, so i tried to run it even though i have only 64. then the pc started to freeze when i used the program and when i surfed the net. when i saw what the program does to the pc i uninstalled it. the pc still went on freezing during surfing. i decided to format and reinstall all the system back to point 0, even the software i used to have before installing adobe photoshop album 2.0 , which i didn't believe caused the problem. even so, the pc went on freezing. after that format i have NOT installed on the pc any Adobe software.
can it be possible that trying to run adobe photoshop album which requires 256 ram on a pc which has 64 ram caused damage to the memory card???

thanks a lot for helping me!

#8 daveai


Posted 21 December 2004 - 08:23 PM

Thanks for the note.

I do not think that the Adobe software caused damage to the actual memory hardware.

What I understand to happen when more memory is needed than you actually have installed is to cause quite a lot of 'swapping' of pages in RAM memory out to the 'virtual memory' on the disk drive. This 'swapping' activity could easily result in the slow downs or 'freezes' you experienced.

And, even the uninstall of Adobe may not solve the problem once it is introduced.

Also, I note that Windows XP usually wants more than 64 MB of memory, so you may be having a lot of 'swapping' from RAM to 'virtual memory' just from that.

Now that you have done the reformat and re-install, are the freezes continuing to happen?

Also, be sure to install the protection programs once you have rebuilt your system.

daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#9 eaglesimvac2


Posted 22 December 2004 - 12:38 PM

you're welcome. as i wrote before, i still suffer from system freezes, even after i formatted the system.

what i can't explain is how it worked fine till a month ago...


thanks again!

#10 eaglesimvac2


Posted 24 December 2004 - 12:34 PM

first of all i want to thank you for being so patient and helping me with the problem i have. yesterday a tech guy checked my computer, and found out that the motherboard has some electronic problem, which possibly could be the reason for the problem i suffered. in the next days i will buy a new pc. thanks again.

#11 daveai


Posted 24 December 2004 - 12:45 PM

You are very welcome.

Congratulations on the new pc :thumbsup:

When it arrives, please be sure to review the prevention suggestions I posted earlier, so that you may stay free of malware problems going forward.

Thank you again for visiting BleepingComputer

daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous



