
HijackThis Log-Is it infected or just old? [RESOLVED]


  • This topic is locked

#1
Ssouthrnway

    New Member

  • Member
  • Pip
  • 5 posts
This is a friend's puter, that just like everything else he owns, is used and abused, rode hard and put up wet. I thought I would give G2G a try and see if there was any hope. I've gone through the first four steps and did a HJT scan; here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 2:45:57 PM, on 8/29/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewid...oOnlineScan.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab


Please take a look and let me know what you think. This guy is on the road a lot, and I'm stopping by and helping as I can. So, if I don't respond immediately do not give up on me. I'll be checking in from my computer and will reply as soon as I can. Thanks Newt
  • 0


#2
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
HJT log is fine !!! So it may be a case of old PC.

However, please visit Panda and do an online scan. Save the scan report and post it back here.
  • 0

#3
Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey, Thanks for the comeback Tampabelle, This is the guy that is helping out a friend. I am checking out his messages from my computer so I can not do the scan with Panda until tomorrow, Tuesday, morning.
If it is a case of "old 'puter" would it be worth it to try and reduce the number of programs running at start up and in the background? He really only uses it for the Net. Any suggestions? I'll check this forum in the morning and get the Panda Scan to you then. Thanks again for the help. Newt :tazz:
  • 0

#4
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
You don't have too many programs running which can be disabled !!!!

Only this entry in HJT -

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

Do the scan and we can find out if anything is hiding
  • 0
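
An added example (not part of the original thread, and not code from HijackThis): a small Python parser for the log layout posted in #1 that separates the running processes from the coded entries and breaks out the O4 autostart items the reply above refers to. The sample log is constructed from lines in that layout, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout shown in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                        # e.g. "O4 - ..."
O4_REG = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")  # registry Run keys
O4_LNK = re.compile(r"^(Startup|Global Startup): (.+?) = (.+)$")   # Startup-folder links

def parse_hjt(text):
    """Return (running processes, {entry code: [entry bodies]}) for one log."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def autostarts(entries):
    """Break each O4 entry into where it is registered, its name and its command."""
    out = []
    for body in entries.get("O4", []):
        m = O4_REG.match(body) or O4_LNK.match(body)
        if not m:
            continue  # unrecognised O4 layout: skip rather than guess
        if m.re is O4_REG:
            src, name, cmd = f"{m.group(1)}\\{m.group(2)}", m.group(3), m.group(4)
        else:
            src, name, cmd = m.groups()
        out.append({"source": src, "name": name, "command": cmd})
    return out

if __name__ == "__main__":
    for item in autostarts(parse_hjt(SAMPLE_LOG)[1]):
        print(f'{item["source"]:<16} {item["name"]:<22} {item["command"]}')
```
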

#5
Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Well, after waiting forever for the Panda scan to download and scan, the only report that I got before my connection with AOL was dropped is the one in the attachment below. It showed up all zeros which I guess is good news.
Should I be able to get a report similar to the one from HijackThis? And if so, how do I save it? Thanks for your assistance. Newt

Attached Files


  • 0

#6
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Did Panda complete the scan or did the connection drop before the scan was completed ???


If the scan was completed then I guess that your PC is clean
  • 0

#7
Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
No, the scan did not complete and I ran out of time waiting on that dinosaur. I'll have to give it a go tomorrow, Wednesday. I did start up the scan again and in what time it did run it detected 2 dialers, but let me get a complete and proper report to you and we can take it from there. Thanks for your patience. Newt :tazz:
  • 0

#8
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
No problem, post back the log when done.

I need to have it to proceed. Otherwise some infections might be left on your PC.
  • 0

#9
Ssouthrnway

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Tampabelle, you can disregard and close this thread. I finally gutted that dinosaur, reinstalled the OS, Antivirus, firewall and internet provider and left it at that. It ain't gonna get any faster! Thanks for the advice and assistance. G2G is a GREAT resource!
Thanks again. Newt :tazz:
  • 0

#10
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





