Author Topic: Error message when running hijackthis  (Read 1392 times)
jeffcox
« on: January 27, 2005, 03:26:14 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:XP SP2
Problem Application Name & Version:hijackthis
Problem Hardware Make & Model:H-P
Error Messages:HiJack This had generated errors and would have to be restarted.


I downloaded HijackThis 1.99 a month or so ago, saved it to the Folder where I run HijackThis from, but never ran it on this specific newer model H-P PC... but ran it successfully on my other PCs. When I ran HiJack This on this particular newer model H-P PC, it began scanning and then I got a message saying HiJack This had generated errors and would have to be restarted. Every time I restart it, I get the same message.  Should I go back to 1.98?  Is there a known issue with this version?

Thanks,
Jeff



 
Cactus
« Reply #1 on: January 27, 2005, 04:31:13 AM »

Yes you should...

Version 1.99 runs into a problem if you have a certain rootkit installed and it is very difficult to kill this rootkit...

Also.. do you have InCd installed on your PC?
If you do, try upgrading to the latest version by visiting their website.

Cactus
« Last Edit: January 27, 2005, 04:43:40 AM by Cactus »

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
jeffcox
« Reply #2 on: January 27, 2005, 02:17:07 PM »

I'm not sure what a rootkit is.  Is it installed when a PC is upgraded to SP2?  This is the only machine that I use that was upgraded to sp2.  And, no sir, that InCd application has not been installed on this PC.

Thanks for your help.  I'll try the HijackThis 1.98 tonight when I get home.

Jeff

 
Cactus
« Reply #3 on: January 27, 2005, 03:27:58 PM »

Don't delete HJT Ver. 1.99...

Download the 1.98 Version into a different Folder and if you can run it..post back here in THIS thread with the logfile.

We'll try and run Version 1.99 later...

Cactus

jeffcox
« Reply #4 on: February 08, 2005, 03:43:11 AM »

Hey Cactus.  This PC has been out of my possession for a couple of weeks now.  My wife had to use it at her office.  But, I don't get off of work before they close so I've had a hard time getting this HijackThis log that you asked me to get.  But I did get it today.  Here it is...

Logfile of HijackThis v1.98.2
Scan saved at 4:38:17 PM, on 2/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Outlook Express\msimn.exe
C:\UTILITIES\HiJackThis1.98\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [EasyAV] C:\WINDOWS\EasyAV.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - https://vapwca.ops.placeware.com/etc/place/CHAIR/VACpws-a3s/5.1.0.121/lib/quicksilver.cab


thanks,
Jeff

 
Cactus
« Reply #5 on: February 08, 2005, 04:11:14 AM »

Hi Jeff .. your PC has the W32.Netsky@mm worm ..

Download the Removal Tool from here: http://securityresponse.symantec.com/avcenter/FxNetsky.exe

Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
Close all the running programs before running the tool.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
 
Disable System Restore

Double-click the FxNetsky.exe file to start the removal tool

Click Start to begin the process, and then allow the tool to run

Restart the computer

Run the removal tool again to ensure that the system is clean

Re-enable System Restore

When the tool has finished running, you will see a message indicating whether W32.Netsky@mm infected the computer. In the case of a removal of the worm, the program displays the following results:
Total number of scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries

Re-run HJT and post back with a new logfile.

Cactus

jeffcox
« Reply #6 on: February 08, 2005, 04:32:03 AM »

Where do you see that?  Is it that startup entry "C:\WINDOWS\system32\services.exe"?  I do not see the registry entry in HJT that would start it?  It is really tough for me to get in there in the evenings or even the weekend for that fact.  Can you please confirm how you see it so that I can get their attention and prove to them that I will need to have someone stay over to let me come in and fix the problem?  

thanks,
Jeff

 
Cactus
« Reply #7 on: February 08, 2005, 05:05:00 AM »

O4 - HKLM\..\Run: [EasyAV] C:\WINDOWS\EasyAV.exe

http://www.bitdefender.com/html/virusinfo.php?menu_id=1&v_id=224


Cactus

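Added example, not part of the thread and not Cactus's own method: a small triage script that parses the O4 registry autorun lines of a HijackThis log and reports the entry Cactus points to in Reply #7. The watchlist holds only that one file name from the thread; the second check (a security-product-sounding value name whose binary sits directly in C:\WINDOWS) is a heuristic assumed for this example and only marks an entry for manual review.

```python
import ntpath
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\Run: [EasyAV] C:\WINDOWS\EasyAV.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# First token of the command: a quoted path, or an unquoted path up to the extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|pif|bat))\b', re.I)

WATCHLIST = {"easyav.exe"}  # file name flagged by Cactus in Reply #7
SECURITY_WORDS = ("antivirus", "anti-virus", "firewall", "norton")  # assumed list

def parse_o4(line):
    """Return hive, key, value name and image path of a registry autorun line."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None  # not a registry Run entry (e.g. a Startup-folder line)
    hive, key, name, command = m.groups()
    img = IMAGE.match(command)
    image = (img.group(1) or img.group(2)) if img else command
    return {"hive": hive, "key": key, "name": name, "image": image}

def triage(log_text):
    """Return (value name, image, reason) for autoruns that need attention."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        folder, base = ntpath.split(entry["image"])
        if base.lower() in WATCHLIST:
            findings.append((entry["name"], entry["image"], "watchlist"))
        elif (folder.lower() == r"c:\windows"
              and any(w in entry["name"].lower() for w in SECURITY_WORDS)):
            findings.append((entry["name"], entry["image"],
                             "security-name-in-windows-dir"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "security-name-in-windows-dir" result is a prompt to check the file by hand, not a verdict; legitimate entries such as ccApp resolve to the vendor's own folder and are not reported.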