Home > Hjt > Hjt - Com Hangs

Hjt - Com Hangs

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Amazon Prime Shipping [OpenForum] by tcope396. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\myCompanyName VPN Client\cvpnd.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save

Change the Startup type to Disabled & then click on the OK button Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service... It will be located at C:\ComboFix.txt Note: Do not mouseclick combofix's window whilst it's running. Observations: In last 30 minutes my system didn't freeze and CPU usage is in single digit i can see the progress Waiting for your further instructions. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" *The

Messenger Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Extending wires and lost power [HomeImprovement] by woodruff2511.

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINNT\system32\BHOManager.dll O2 - BHO: Yahoo! Close HijackThis. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window Note: This Attached Files Addition.txt 68.34KB 6 downloads FRST.txt 49.6KB 6 downloads Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 DuvallBuck DuvallBuck Topic Starter Members 2

Any help would be greatly thanks!Here's the log...Logfile of HijackThis v1.99.1Scan saved at 9:57:45 PM, on 10/29/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Alcohol It should look like this: Close Notepad. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Click Start->Run - type SERVICES.MSC & then click on the OK button Locate the service - Windows Overlay Components> Double-click on it to open the Properties dialog.

Computer Hangs, Explorer crashes, please look at HJT Log Discussion in 'Virus & Other Malware Removal' started by Ninjabear, Jul 25, 2008. Please contact the MyBB Group for support. Several functions may not work. I really appreciate your help. 01-28-2007, 06:25 PM #4 tetonbob Management Team, Security Center & TSF Academy Expert Analyst, Moderator, Security Team Rangemaster, Moderator, TSF Academy Join

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble...MStarterJP5.cabO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cabO16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - I would start it and it would get half way through downloading the home page and then stop with the "hourglass" in the middle of the screen.I have run mcaffe 8 I followed the scanning steps that were outlined at :http://www.techsupportforum.com/secu...kthis-log.html Thanks in advance Remove Advertisements Sponsored Links TechSupportForum.com Advertisement 01-28-2007, 09:41 AM #2 tetonbob Management Team, Security Center Please print out or copy this page to Notepad.

After the install is complete, go back into the Control Panel and double-click the Java Icon. C:\Documents and Settings\neelaps\2file.tmp -> Downloader.Small.buy : Cleaned with backup (quarantined). Make sure to work through the fixes in the exact order it is mentioned below. C:\Program Files\iPass\iPassConnect\idialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

Please see this thread through to completion. BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe O4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXE O4 - HKLM\..\Run: Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo!

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Yahoo! Thread Status: Not open for further replies. TekTV [TekSavvy] by bjlockie391.

Please re-enable javascript to access full functionality.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved. Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu Delete the following if they exist: C:\WINNT\sysupd.exe C:\Documents and Settings\neelaps\Local Settings\Application Data\hrcopul.dll C:\Windows\xpupdate.exe C:\WINNT\atuvkvm.exe C:\WINNT\system32\svchosts.exe<<

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe O4 - HKLM\..\Run: Are the pop ups happening when you use any browser or is it just a certain browser? Random Runs removed from HKLM "dmsho.exe"=- ... To learn more and to read the lawsuit, click here.

Login on your usual account. MyBB MyBB Internal Error MyBB has experienced an internal error and cannot continue. A case like this could easily cost hundreds of thousands of dollars. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Please update it's definitions, and run a scan where I have placed it in this fix. Click "Do a System Scan Only", and place a check next to the following items (if found): R3 - URLSearchHook: (no name) - {15651C7C-E812-44a2-A9AC-B467A2233E7D} - (no file) F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ptbjdsg.exe Save the log file and post it here. Lastly trojan hunter had this to say "Renamed file C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP389\A0165658.dll to C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP389\A0165658.dll.tcfRenamed file C:\WINDOWS\neted.dll to C:\WINDOWS\neted.dll.tcfRenamed file C:\WINDOWS\SYSTEM32\crhh.dll to C:\WINDOWS\SYSTEM32\crhh.dll.tcfTrojan cleaning finished."Logfile of HijackThis v1.99.1Scan saved at

etc? From some of your comments, there may be more than malware related issues on this system, but we'll do our best to help. --------------------------------------------------------------------------------------------- Download combofix.exe to your desktop. * IMPORTANT Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll After the update finishes (the status bar at the bottom will display "Update successful") select the "Settings" tab.

If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. Please help me get Thread Tools Search this Thread 01-26-2007, 08:58 AM #1 neelapalas Registered Member Join Date: Jan 2007 Posts: 7 OS: Windows 2000 professional My Preferred shop - Amazon? As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged

the exact spelling of this file. To do this click Thread Tools, then click Subscribe to this Thread. Follow the prompts to scan your system for viruses. Run it's Cleaner now.Open the program and Click on Options, then Advanced Uncheck 'Only delete files in Windows Temp folders older than 48 hours' Now click on the Cleaner button Click

Please do so before attempting to browse it. Did you have any trouble performing the batch file instructions? Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates,