HijackThis used as a tool to find Windows instability

Stavros
ΜΟΛΩΝ ΛΑΒΕ
Posts: 1090
Joined: 02 Jan 2006, 17:00
Location: Mississippi, U.S.A.

Post by Stavros »

CircuitB0mB said I could use HijackThis to find problems for instability. He also said, "..lock-ups in Microsoft products are caused by the indexing or other services either conflicting with one another or conflicting with hardware...". Now on to my problem: I've never used HijackThis (although I have downloaded it to my HD). Could anyone point me to a tutorial?

Nerdz
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00
Location: #db_error in: select usr.location from sucko_member where usr.id=63;

Post by Nerdz »

Just scan and post the log here... 8)
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.

Post by Stavros »

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:57:45 PM, on 1/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\AVAST!~1\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avast! Home\aswUpdSv.exe
C:\Program Files\Avast! Home\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avast! Home\ashWebSv.exe
C:\Program Files\Avast! Home\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Stavros\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.12-Delta-enu.exe
c:\d85269d104cefcc0fd\mrtstub.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST!~1\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6864711608
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast! Home\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast! Home\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast! Home\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast! Home\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

bad_brain
Site Owner
Posts: 11566
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

mrtstub - mrtstub.exe - Process Information

Process File: mrtstub or mrtstub.exe
Process Name: unclassified malware

Description:
mrtstub.exe is a process belonging to an unclassified malware which can download other malicious processes and cause unwanted behaviour on your computer. Should be terminated immediately

that's the most dangerous one on your system, besides there are some other strange entries like the missing files for Avast, but that could depend on your install settings.... :wink:

Post by Stavros »

Avast is installed under whatever name replaces "Standard", so I don't know what's up with that. That system process I can't find in Task Manager. Anything I can do about that?

Post by bad_brain »

check the startup- and services-lists in msconfig and test if you can delete the file directly:
c:\d85269d104cefcc0fd\mrtstub.exe
you best save the file on a floppy or USB-stick before you delete it.
afterwards run regcleaner to get rid of possible registry-entries.


the Avast-problem is not THAT dangerous, just be very careful with emails you receive and adjust the settings of your email-client so that mails remain on the server until you decide to download them (if you haven't done it already)....
:wink:

Post by Stavros »

Uh oh. I tried installing Service Pack 2 and it froze during the middle of it. Then I got a message that said my system was unstable and I should uninstall Service Pack 2. I was doing that when I got a freeze during the middle of the uninstall. Double crap. Now I tried to boot up and I'm getting a Windows could not start because the following file is missing or corrupt: <Windows root>\system32\ntoskrnl.exe Please re-install a copy of this file. Does that mean re-format re-install again?

[Edit] I can't find "c:\d85269d104cefcc0fd\mrtstub.exe" under "Services" and "Startup" in msconfig.

Post by Stavros »

A scan at 5:55 PM (U.S. Central time).

Logfile of HijackThis v1.99.1
Scan saved at 5:54:07 PM, on 1/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast! Home\aswUpdSv.exe
C:\Program Files\Avast! Home\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avast! Home\ashWebSv.exe
C:\Program Files\Avast! Home\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stavros\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6864711608
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast! Home\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast! Home\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast! Home\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast! Home\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Post by Stavros »

I got this STOP message earlier today:

***STOP 0x0000008E (0xC0000005, 0x80536938, 0xB94C62B4, 0x00000000)

[Exactly as posted on screen]

I googled it and on a forum someone said check RAM, so I ran Memtest86 (yet again). It's been running for close to 7 hours (6 hours 47 minutes 00 seconds to be exact). It's run for 8 Passes and got 0 Errors. I am thoroughly aggravated.


Post by bad_brain »

hmmm...well, the file disappeared on the Hijack This-log, but it seems your system is pretty unstable anyway, for how long is it running (I mean the OS and not the hardware)? if you install/deinstall programs it's just a question of time until your system gets damaged, my personal record is 9 months... :lol:
so maybe you should think about a fresh install.... :wink:
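
The comparison made in the post above (which entries disappeared between the two HijackThis scans) can be done mechanically. This is an added example, not part of the original thread: the function names are hypothetical, and the two sample inputs are shortened excerpts of the logs posted earlier.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (running processes, section entries) from a HijackThis log."""
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            procs.add(line.lower())       # Windows paths are case-insensitive
        elif (m := ENTRY_RE.match(line)):
            entries.add((m.group(1), m.group(2)))
    return procs, entries

def diff_scans(before, after):
    """Report what disappeared and what appeared between two scans."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {"procs_gone": sorted(p0 - p1), "procs_new": sorted(p1 - p0),
            "entries_gone": sorted(e0 - e1), "entries_new": sorted(e1 - e0)}

# Shortened excerpts of the two logs posted in this thread (most lines omitted).
SCAN_1 = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
c:\d85269d104cefcc0fd\mrtstub.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"""
SCAN_2 = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

if __name__ == "__main__":
    for key, items in diff_scans(SCAN_1, SCAN_2).items():
        print(key, items)
```

A process missing from the later scan only means it was not running at that moment; whether its file or an autostart entry is still present has to be checked separately.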

Post by Stavros »

Like the actual hardware gets damaged? Wow. Yea. I think I'm going to try XP Home. I'm really up shit creek if that happens. I spent around $1270 give or take a few dollars. Now I only have $500 to fix whatever I fuck up.
