Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HijackThis Log-Is it infected or just old? [RESOLVED]


  • This topic is locked This topic is locked

#1
Ssouthrnway

Ssouthrnway

    New Member

  • Member
  • Pip
  • 5 posts
This is a friend's puter ,that just like everything else he owns, is used and abused, rode hard and put up wet. I thought I would give G2G a try and see if there was any hope. I've gone through the first four steps and did a HJT scan here is the log


Logfile of HijackThis v1.99.1
Scan saved at 2:45:57 PM, on 8/29/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewid...oOnlineScan.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab


Please take a look and let me know what you think. This guy is on the road allot, and I'm stopping bye and helping as I can. So, if I don't respond immediately do not give up on me. I'll be checking in from my computer and will reply as soon as I can. Thanks Newt
  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
HJT log is fine !!! So it may be a cse of old PC.

However, please visit Panda and do an online scan. Save the scan report and post it back here.
  • 0

#3
Ssouthrnway

Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey, Thanks for the comeback Tampabelle, This is the guy that is helping out a friend. I am checking out his messages from my computer so I can not do the scan with Panda until tomorrow, Tuesday, morning.
If it is a case of "old 'puter" would it be worth it to try and reduce the number of programs running at start up and in the background. He really only uses it for the Net. Any suggestions? I'll check this forum in the morning and get the Panda Scan to you then. Thanks again for the help. Newt :tazz:
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
you dont have too many programs running which can be disabled !!!!

Only this entry in HJT -

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

Do the scan and we can find out if anything is hiding
  • 0

#5
Ssouthrnway

Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Well, after waiting forever for the Panda scan to download and scan the only report that I got before My connection with AOL was dropped is the one in the attachment below. It showed up all zeros which I guess is good news.
Should I be able to get a report similiar to the one from HijackThis? and if so how do I save it. Thanks for your assistance. Newt

Attached Files


  • 0

#6
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Did Panda complete the scan or did the connection drop before the scan was completed ???


If the scan was completed then I guess that your PC is clean
  • 0

#7
Ssouthrnway

Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
No, the scan did not complete and I ran out of time waiting on that dinosaur. I'll have to give it a go tomorrow, Wednesday. I did start up the scan again and in what time it did run it detected 2 dialers, but let me get a complete and proper report to you and we can take it from there. Thanks for your patience. Newt :tazz:
  • 0

#8
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
no problem, post back the log when done.

I need to have it to proceed. Otherwise some infections might be left on your PC.
  • 0

#9
Ssouthrnway

Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Tampabelle, you can disregard and close this thread. I finally gutted that dinosaur, reinstalled the OS, Antivirus, firewall and internet provider and left it at that. It aint gonna get any faster! Thanks for the advice and assistance. G2G is a GREAT resource!
Thanks again. Newt :tazz:
  • 0

#10
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP