PLEASE HELP - Hijack this log

Discussion in 'adware, spyware & hijack cleaning' started by becklett, Apr 16, 2004.

Thread Status:
Not open for further replies.
  1. becklett

    becklett Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    10
    Thanks for your help. This computer (dell) also has an issue at start up reading "Primary Hard Drive 1 not found" enter F1 to continue. It may be the CMOS?? I am guessing on this because the clock keeps messing up - any input on this problem would be appreciated. In the meantime.... here is my log - please let me know what you think. Thanks again...

    Logfile of HijackThis v1.97.7
    Scan saved at 1:10:27 AM, on 4/16/04
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\PSSVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ONTRACK\ZIPMAGIC\ZM32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\WZCBDL SERVICE\WZCBDL9X.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SCRNSIZE.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\HPZTSB02.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\WINDOWS\SYSTEM\INFWIN.EXE
    C:\PROGRAM FILES\D-LINK\AIR USB UTILITY\AIRCFG.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\SIEMENS\SPEEDSTREAM WIRELESS PCI\SSPCICFG.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOCUMENTS\SYSTEM SCANS\TROJANHUNTER 3.8\THGUARD.EXE
    C:\PROGRAM FILES\QUICK VIEW PLUS\PROGRAM\QVP32.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\MY DOCUMENTS\SYSTEM SCANS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    F1 - win.ini: run=c:\windows\system\scrnsize.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [ZipMagic] C:\Program Files\Ontrack\ZipMagic\zm32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
    O4 - HKLM\..\Run: [MMHID] rundll32 mmhid.dll,StartMmHid
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [infwin] c:\windows\system\infwin.exe /noconnect
    O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
    O4 - HKLM\..\Run: [D-Link Air USB Utility] c:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [THGuard] "C:\MY DOCUMENTS\SYSTEM SCANS\TROJANHUNTER 3.8\THGUARD.EXE"
    O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ZipMagic] C:\Program Files\Ontrack\ZipMagic\zm32.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [WZCBDLService] c:\Program Files\WZCBDL Service\WZCBDL9X.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKLM\..\RunServices: [Scrnsize] c:\windows\system\scrnsize.exe
    O4 - HKLM\..\RunServices: [Netdllex] c:\windows\system\netdllex.exe
    O4 - HKLM\..\RunServices: [P4mx4] c:\windows\system\p4mx4.exe
    O4 - HKLM\..\RunServices: [Pwr32ctr] c:\windows\system\pwr32ctr.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: Sidekick.lnk = C:\SKW2\SIDEKICK.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Siemens SpeedStream Wireless PCI.lnk = C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.c..._1_5_0.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C....496400463
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004...scan53.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = VECTORLINK.NET
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.11.201,151.164.1.8
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    you do have several nasty viruses/trojans that I assume must have disabled your mcaffee anti virus

    please do this

    Run an online antivirus check from at least one and preferably 2 of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www3.ca.com/virusinfo/

    let the online scanners clean whatever they can and then post back with a result of what they found and a new hijackthis log and we can conbtinue

    I don't think that any of those viruses howver are responsible for the start up message and that does sound like a flat MOBO battery but we can check that after cleaning the viruses
     
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,144
    Location:
    North Carolina, USA
    Hi becklett,

    I split your HJT log for your second computer off to a new thread located HERE. It gets confusing working on two HJT logs in one thread,

    Regards,
    Kent
     
  4. becklett

    becklett Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    10
    Thank you for your patience. I am back at the 1st computer now and need help. I ran ad-aware 6 - but it froze 1/2 way thru. Spybot froze on update - without an update I was able to clear some spyware. Housecall Trend Micro ran and reported "no virus" BUT... Pandasoftware found and removed :
    Trj/syscente in the operating system and W32/Disemb in My Documents. Both were 'disinfected'. Security symantic - 0 infected and ravantivirus - 0 infected.

    Here is the new log:
    Logfile of HijackThis v1.97.7
    Scan saved at 2:01:07 PM, on 4/19/04
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\PSSVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\WZCBDL SERVICE\WZCBDL9X.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\HPZTSB02.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\D-LINK\AIR USB UTILITY\AIRCFG.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\MY DOCUMENTS\SYSTEM SCANS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [ZipMagic] C:\Program Files\Ontrack\ZipMagic\zm32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
    O4 - HKLM\..\Run: [MMHID] rundll32 mmhid.dll,StartMmHid
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect
    O4 - HKLM\..\Run: [D-Link Air USB Utility] c:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [THGuard] "C:\MY DOCUMENTS\SYSTEM SCANS\TROJANHUNTER 3.8\THGUARD.EXE"
    O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ZipMagic] C:\Program Files\Ontrack\ZipMagic\zm32.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [WZCBDLService] c:\Program Files\WZCBDL Service\WZCBDL9X.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKLM\..\RunServices: [Netdllex] c:\windows\system\netdllex.exe
    O4 - HKLM\..\RunServices: [P4mx4] c:\windows\system\p4mx4.exe
    O4 - HKLM\..\RunServices: [Pwr32ctr] c:\windows\system\pwr32ctr.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: Sidekick.lnk = C:\SKW2\SIDEKICK.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Siemens SpeedStream Wireless PCI.lnk = C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38002.496400463
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = VECTORLINK.NET
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.11.201,151.164.1.8



    Please help -
    Thank you
    Becky
     
  5. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,144
    Location:
    North Carolina, USA
    Hi becklett,

    These problems are from viruses and I am not quite sure why they are not being detected.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [Mscnt] c:\windows\system\mscnt.exe /noconnect

    O4 - HKLM\..\RunServices: [Netdllex] c:\windows\system\netdllex.exe
    O4 - HKLM\..\RunServices: [P4mx4] c:\windows\system\p4mx4.exe
    O4 - HKLM\..\RunServices: [Pwr32ctr] c:\windows\system\p4mx4.exe

    There also may be hidden files. See HERE for how to show hidden files.

    Then reboot into safe mode and delete:

    c:\windows\system\mscnt.exe
    c:\windows\system\netdllex.exe
    c:\windows\system\p4mx4.exe

    Reboot.

    See if you can run Ad-Aware and SpyBot all the way thru now. Be sure to update both before scanning.

    I would strongly suggest you do another online virus scan. Some good online scans can be found HERE.

    Then post a fresh HijackThis log.

    Regards,
    Kent
     
  6. becklett

    becklett Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    10
    ok... I removed the items listed and then rescaned the system. Still cannot download the updates on spybot, but I can now on ad aware 6. I also scaned online with Panda software. Here is the new log. What do you thinko_O

    thLogfile of HijackThis v1.97.7
    Scan saved at 5:20:50 PM, on 4/20/04
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\PSSVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\WZCBDL SERVICE\WZCBDL9X.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\HPZTSB02.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\D-LINK\AIR USB UTILITY\AIRCFG.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRAM FILES\INTUIT\QUICKBOOKS PRO\COMPONENTS\QBAGENT\QBDAGENT.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\PROGRAM FILES\SIEMENS\SPEEDSTREAM WIRELESS PCI\SSPCICFG.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\MY DOCUMENTS\SYSTEM SCANS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_5_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [ZipMagic] C:\Program Files\Ontrack\ZipMagic\zm32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
    O4 - HKLM\..\Run: [MMHID] rundll32 mmhid.dll,StartMmHid
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [D-Link Air USB Utility] c:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
    O4 - HKLM\..\Run: [THGuard] "C:\MY DOCUMENTS\SYSTEM SCANS\TROJANHUNTER 3.8\THGUARD.EXE"
    O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ZipMagic] C:\Program Files\Ontrack\ZipMagic\zm32.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [WZCBDLService] c:\Program Files\WZCBDL Service\WZCBDL9X.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
    O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: Sidekick.lnk = C:\SKW2\SIDEKICK.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Siemens SpeedStream Wireless PCI.lnk = C:\Program Files\Siemens\SpeedStream Wireless PCI\SSPCICfg.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_5_0.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38002.496400463
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = VECTORLINK.NET
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.164.11.201,151.164.1.8
     
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,144
    Location:
    North Carolina, USA
    Hi Becky,

    This log looks clean now. Hopefully your problems are fixed.

    Regards,
    Kent
     
  8. becklett

    becklett Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    10
    Thank you so much !!!
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,144
    Location:
    North Carolina, USA
    Hi Becky,

    It was my pleasure ;) .

    Regards,
    Kent
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.