HijackThis log - please help

Computing.Net > Forums > Security and Virus > HijackThis log - please help

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

HijackThis log - please help

Name: ais
Date: February 22, 2004 at 14:04:04 Pacific
OS: Win 98 Ver 4.10.2222
CPU/Ram: Intel Celeron 468MHz 192M

Comment:

I would be grateful if you guys could have a look at my HijackThis log below. I have run both AdAware and a^2 (updated) and both report the absence of any ad- or malware. However, the computer is still behaving stangely. It doesn't shut down naturally (just hangs), and the control panel programs all give the message "Access to the specified device, path, or file denied".
Please look at the log and help me.
-------------------
Logfile of HijackThis v1.97.7
Scan saved at 22:02:36, on 22/02/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\FLCSS.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\INTERNAT.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\WINAMP3\WINAMPA.exe
C:\WINDOWS\SYSTEM\WINDOWS.exe
D:\PROGRAM FILES\A2\A2GUARD.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
D:\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://uk.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.107-deleon.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.107-deleon.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [1on1] C:\WINDOWS\1on1.exe -n
O4 - HKLM\..\Run: [Windows Scan] WINDOWS.exe
O4 - HKLM\..\Run: [Explkw] C:\WINDOWS\SYSTEM\expup.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [a�] "d:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [prrzny46rh] C:\WINDOWS\51F5FK7A7E.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.exe
O4 - User Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - User Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://uk.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38038.6337731481

Sponsored Link

Ads by Google

Response Number 1

Name: sxshep
Date: February 22, 2004 at 17:07:08 Pacific

Reply:

Ais,
Amongst other things you have a virus, a dialer, and various assorted pests.
Suggest you get a free online scan at these sites:
http://www.ravantivirus.com/scan/
http://housecall.trendmicro.com/
Run them both, follow the instructions, and have them remove all.
You should visit Windows Update and download SP1 (Service Pack 1) and all critical updates as many are security related .
Then visit the site often to keep your system current with the latest patches etc.
http://v4.windowsupdate.microsoft.com/en/default.asp
Consider obtaining an AntiVirus Program.
When through post a new HJT log to clean up the rest.

Shep

Response Number 2

Name: ais
Date: February 23, 2004 at 10:42:54 Pacific

Reply:

Many thanks, Shep

Response Number 3

Name: ais
Date: February 23, 2004 at 16:07:29 Pacific

Reply:

Hello again,
This is the updated HijackThis log. I have run McAfee, Ad-Aware (with update of yesterday), Ravantivirus, and HouseCall. Removed a couple of trojans and the Fun virus.
I tried to install all Microsoft security patches but had a couple of problems (they just wouldn't install).
My main issue now is that the control panel still gives me the same message as above -the control panel programs all give the message "Access to the specified device, path, or file denied". Which is wierd.
Please help.
--- updated HijackThis log
Logfile of HijackThis v1.97.7
Scan saved at 00:01:19, on 24/02/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MDM.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\INTERNAT.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\WINAMP3\WINAMPA.exe
D:\PROGRAM FILES\A2\A2GUARD.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCMNHDLR.exe
C:\PROGRAM FILES\MCAFEE.COM\SHARED\MGHTML.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
D:\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://uk.yahoo.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.107-deleon.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.107-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [a�] "d:\Program Files\a2\a2guard.exe"
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.exe
O4 - User Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - User Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_2.0.107-DELEON.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://uk.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38038.6337731481
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4326/mcfscan.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab

Response Number 4

Name: ais
Date: February 24, 2004 at 01:39:10 Pacific

Reply:

Hi guys,
I think it's all been fixed now. I managed to install all the Microsoft security updates and finally could get access to the Control Panel programs. It turned out that rundll32.exe was corrupted (by some trojan/virus) and needed to be restored. I did that by means of running (Start-Run) sfc and it automatically detected that rundll32 and something else were corrupted. It restored them from the Windows 98 CD.
I think I am virus and trojan free (for the time being).
Thanks to all
ais

Sponsored Link

Ads by Google

download yahoo messager again gnu ar openssh logging windows cannot access the specified device path or file tvdebug.log software.log internat.exe pctptt.exe rip embedded flash html yahoo status	XCOPY LOG machine debug manager vista catalyst ai patch panel diagram ai booster vso devices M2NC51-AR log_fs.log Mcafee hijackthis yimg.com
See More

I'm worried

Program File Viruses (Stu...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: HijackThis log - please help

Hijackthis Log Please HELP!

Summary

www.computing.net/answers/security/hijackthis-log-please-help/8684.html

HijackThis Log - Please Help

Summary

www.computing.net/answers/security/hijackthis-log-please-help/8681.html

drpeper (hijackthis log included)

Summary

www.computing.net/answers/security/drpeper-hijackthis-log-included/9800.html

From the Geek Dictionary
HDD - This acronym stands for Hard Disk Drive.

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes Today.
Discuss in The Lounge
Poll History

Recent Posts
copy file different size

amd duron uprao upgradation

xcopy to file without extension

Desktop bigger than the screen

EXE files opening in IE 7 in Vista 64bit

All Awaiting Reply

Tom's News
Google Launches Free Public DNS Service

UK Street May Be Named After Lara Croft

Universal to Release Blu-ray/DVD Combo Disc

Orangutan Takes Pics, Shares via Facebook

Man Suffocates Baby Over Gaming Marathon

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE