Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

rhino06

7 Posts

3983

December 24th, 2004 01:00

comp. help

is there a way to run hijack this from a clean computer on a 'broken' computer?

rhino06

7 Posts

December 24th, 2004 01:00

my laptop is messed up,....i get alot of error messages and when i start up regularly it is extremely sluggish.  I keep getting Bad Image notices, such as:
 
CiceroUIWndFrame: rstrui.exe - Bad Image
 
           The application or DLL C:\WINDOWS\ime\sptip.dll is not a valid Windows image.  Please check this against your installatino diskette.
 
So i was wondering if there was a way to scan my laptop using my desktop?

Midnight Star

4.8K Posts

December 24th, 2004 01:00

rhino,
 
HiJackThis can't do that.
 
Can you boot that system up in "Safe Mode"? or have you tried doing a "Repair" install of your operating system?
 
Mike.

Midnight Star

4.8K Posts

December 24th, 2004 01:00

rhino,

I'm not quite sure I understand your question? Are you asking if it can be done over a network?

Mike.

rhino06

7 Posts

December 24th, 2004 04:00

it does boot up in safe mode,....but had problems getting on the internet earlier.  how do i do a repair using my installation cd?  do i just put it in the drive and let it run?
 
chris

Midnight Star

4.8K Posts

December 24th, 2004 04:00

rhino,

Try here: http://www.windowsreinstall.com/

Mike.

 

rhino06

7 Posts

December 24th, 2004 05:00

i can't connect to the internet through my infected computer,....if i boot in safe mode.   if i boot regularly then it doesn't work at all,.....i ran hijackthis in safe mode but don't know how to get it to this board.   is there a way to get on the internet in safe mode?

rhino06

7 Posts

December 24th, 2004 05:00

can i download spybot sd on my desktop and save it to a cd,...then run it from my laptop (the infected one) and vice a versa with the hijackthis log????

p.s. sorry i'm so computer illiterate

rhino06

7 Posts

December 24th, 2004 05:00

alright figured got my hijack this log:

Logfile of HijackThis v1.98.2
Scan saved at 2:13:41 AM, on 12/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siena.edu/community/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Grokster] C:\PROGRA~1\Grokster\Grokster.exe /SYSTRAY
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

hope this helps....i sent a log to the computer place at my college and they had me delete a bunch of things,....i tried to do system restore a couple times because it's worked in the past (is that a good thing to do) but had no luck in fixing my problems.   whatever you can do would be great....thanks alot

chris

Midnight Star

4.8K Posts

December 24th, 2004 19:00

Chris,

That's perfectly ok. Now, I need just a little help; bring me upto speed again on what problems your experiencing with the computer this log is from? Specifically? For example, any errors that are popping up, wheter it's only Internet Explorer, etc .,.

When those things were removed from that system was it because of viruses and malware, or were they trying to optimize the system? If optimize, we're there other system changes - like to settings and the registry?

It may take a few post to get the information we need before we can begin trying to fix this; just stick with it!

Mike.

rhino06

7 Posts

December 25th, 2004 04:00

well where to begin,....basically the computer just doesn't run.  when i start the computer regularly,....it's like it freezes,....nothing responds, the mouse still works but can't click on any programs.  when windows loads,....error messages saying bad image,....check against installation diskette.  as for the programs that my college had me delete,...i think that it was mostly spyware...and if it helps at all,...when i run adaware it freezes at the same point every time.   it will stop at CLSID: {then a bunch of numbers}.   as for when i boot in safe mode,....i can't connect to the internet.  if i click internet explorer the web page will just say cannot find server.  hope this answered any questions.

 

Midnight Star

4.8K Posts

December 25th, 2004 04:00

Chris,
 
Since there's no way of knowing just what we need to replace on that system, here's what i'd recommend we do first.
 
1.  From a command line, run "sfc /scannow".
 
This will scan your system for missing or corrupt system files. If it finds one, it'll prompt you for your windows installation diskette.
 
If that doesn't clear up the any problems your having.
 
 
2.  Do a repair installation of Windows. If you do a 'repair', it'll do an in-place installation. You won't lose any of your personal data - it's not like doing a 'clean' install. You can find instructions on how to do this here .
 
3.  When your done with either/ or both, re-run windows update and let it install any critial system patches upto SP2.
 
Mike.
 

Was this post helpful?

View All

No Events found!

Top