Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Problem with computer, hijack this log

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Problem with computer, hijack this log

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 24-12-2004, 03:32 PM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 17
fukii Is a beginner here at D-A-L
Problem with computer, hijack this log
I was recommended to come here about my computer problem. I don't know if this link will work, but here's my original post:

Help, problem with computer, maybe registry keys

If not, then it's located in the Windows98/98SE section. Anyway, I performed a "system scan" using Ad-Aware SE Personal, and nothing's coming up as far as spyware's concerned, but then again, it's not scanning nearly as many files as it had before. I don't know if it's because there aren't as many processes running, or if it's because of something else. I've already tried to use my Norton's Anti-virus program, but right now it's not functional. I keep getting a message that tells me to uninstall and reinstall the program, only I can't seem to do that, either. Someone else told me to do an online virus scan, and I haven't yet, so if you have a good suggestion, I'm more than willing to accept it. Don't want to go to another site that'll only end up putting more garbage on my computer, so a recommendation would be great.

Here's my hijack a log:

Logfile of HijackThis v1.99.0
Scan saved at 8:17:26 AM, on 12/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\S3TRAYHP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER_2_5.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vlncy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vlncy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vlncy.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {88C5C2FB-75B8-C8BB-D572-EE7460D7AA2D} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [2364.TMP] C:\WINDOWS\TEMP\2364.TMP.exe 0 28129
O4 - HKLM\..\Run: [2364.TMP.EXE] C:\WINDOWS\TEMP\2364.TMP.EXE 0 28129
O4 - HKLM\..\Run: [Budex4] C:\KUGSI.EXE
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\GogoLaunch.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [CRAI32.EXE] C:\WINDOWS\CRAI32.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://Cne.MHT!http://www.t058.com//inst//x.chm::/open.exe



Any and all help that can be given would be greatly appreciated. Thanks.
Last edited by owen; 24-12-2004 at 07:58 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 24-12-2004, 08:04 PM
owen's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Problem with computer, hijack this log
Hiya,
You have a HSA Infection and a few other baddies. So please follow these instructions.

1. Download AboutBuster http://www.downloads.subratam.org/AboutBuster.zip

Unzip it to your desktop but don't run it yet.

2. Download Ad-aware from here. Open the Ad-aware program and near the bottom click the Check For Updates link. This will open the update manager. Follow the prompts to update your Ad-aware Reference File. Close Ad-aware for now, we will use it later.

3. You may want to print out these instructions for further reference when completing the following steps.

4. Ensure you are showing Hidden Files and Folders as per instructions here.

5. Then reboot your PC into Safe Mode. If you don't know how to do this, see here for further instructions.

6. Restart Hijack This and put a checkmark next to the following entries and click Fix Checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vlncy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vlncy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vlncy.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {88C5C2FB-75B8-C8BB-D572-EE7460D7AA2D} - blank (file missing)
O4 - HKLM\..\Run: [2364.TMP] C:\WINDOWS\TEMP\2364.TMP.exe 0 28129
O4 - HKLM\..\Run: [2364.TMP.EXE] C:\WINDOWS\TEMP\2364.TMP.EXE 0 28129
O4 - HKLM\..\Run: [Budex4] C:\KUGSI.EXE
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\RunServices: [CRAI32.EXE] C:\WINDOWS\CRAI32.EXE
O15 - Trusted IP range: (HKLM)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://Cne.MHT!http://www.t058.com//inst//x.chm::/open.exe

Then delete the following files and folders:

C:\KUGSI.EXE
C:\WINDOWS\LMU.exe
C:\WINDOWS\CRAI32.EXE

7. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

8. Scan with Adaware and let it remove any bad files found.

9. Download SSS from here. Run the program and on the items to clear tab select both "Temporary Files" options and the "Recycle Bin" option. Then click Clear Selected Items.

10. Reboot to normal mode

11. Finally, pay a visit to Housecall. Scan for and remove any infected files found on your system.

Post a fresh HijackThis log and the AboutBuster report back here please.
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 26-12-2004, 02:56 AM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 17
fukii Is a beginner here at D-A-L
Re: Problem with computer, hijack this log
Hey there,

Okay, I ran into some difficulties. I can't get my hidden files to show because the option is no longer visible in my "folder options" commands. I did a search to find those files you instructed me to delete, but I was only able to find LMU.exe.

It seems that I can no longer get into my main drive -- won't let me doubleclick on it, and the "Open" command in my "File" tab on my toolbar is now labeled as "blank". -(EDIT: Nevermind this part. I can still access it using my "Explorer" file, although the "Open" command is still labeled as "blank".)

Plus, I'm unable to run the virus scan from the Housecall website. It keeps telling me that I don't have the right components installed into my Netscape browser, but whenever I try to install the right components, the installation program can't seem to find whatever file or folder to place them in. I downloaded FireFox to see if that would help me bypass this problem, but so far, no luck. I tried downloading the 30-day trial version, but it keeps telling me that I have to uninstall my Norton AntiVirus program (something that I can't do).

Here's my current HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 7:46:22 PM, on 12/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\S3TRAYHP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER_2_5.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\DESKTOP\SSS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: (HKLM)


And my AB Log:

Scanned at: 8:53:11 PM on: 12/25/04

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

A few lines that you told me to have "fixed" keep popping back up with every scan that I do.

So that's my current situation.

EDIT: I just tried listing and exposing my hidden files using the method as detailed in this thread:

Help viewing hidden files

But, the files KUGSI.EXE, LMU.exe, and CRAI32.EXE weren't found. I typed them out as ATTRIB "KUGSI.EXE"-h, and they were all listed as "File Not Found". But then again, I'm also not sure I typed all the DIR commands properly, or if I completely missed the files I was supposed to be looking for. XP
Last edited by owen; 26-12-2004 at 11:43 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 26-12-2004, 11:48 PM
owen's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Problem with computer, hijack this log
Boot into Safe Mode.

Fix these entries in Hijack This:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - Trusted IP range: (HKLM)

Reboot and post a fresh log

Quote:
Originally Posted by fukii
and the "Open" command in my "File" tab on my toolbar is now labeled as "blank"
What toolbar?

Quote:
Originally Posted by fukii
I'm unable to run the virus scan from the Housecall website. It keeps telling me that I don't have the right components installed into my Netscape browser, but whenever I try to install the right components, the installation program can't seem to find whatever file or folder to place them in.
You need to download Java from www.java.com.
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 27-12-2004, 03:37 AM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 17
fukii Is a beginner here at D-A-L
Re: Problem with computer, hijack this log
Quote:
Originally Posted by owen
Boot into Safe Mode.

Fix these entries in Hijack This:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - Trusted IP range: (HKLM)

Reboot and post a fresh log
Okay, here you go:

Logfile of HijackThis v1.99.0
Scan saved at 8:30:50 PM, on 12/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\SSS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: (HKLM)

Those particular lines show up, no matter how many times I scan with hijackthis.

Quote:
Originally Posted by owen
What toolbar?
Sorry, I was referring to the "File, Edit, View, Go, Favorites, Help" tabs at the top of every folder.

Quote:
Originally Posted by owen
You need to download Java from www.java.com.
This is the message that I got every time I tried to download it:

"Error 1401. Could not create key Software\Microsoft. Verify that you have sufficient access to that key, or contact your support personnel."
Last edited by fukii; 27-12-2004 at 05:29 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 28-12-2004, 12:00 AM
owen's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Problem with computer, hijack this log
Go to Start> Run and type regedit.

Go to the following key in the registry and click it:

HKEY_LOCAL_MACHINE\Software\Microsoft

On the Edit menu, click Permissions.

Make sure that the Administrators group has Full Control and Read permissions selected. If they are not, follow these steps:
  • Click to select the Full Control check box.
  • Click to select the Read check box.
  • Click the Advanced button.
  • Click to select the Replace permission entries on all child objects with entries shown here that apply to child objects check box.
  • Click OK.
  • You receive the following error message:

This will remove explicitly defined permissions on all child objects and enable propagation of inheritable permissions to those child objects. Only inheritable permissions propagated from Classes will take effect.

Do you wish to continue?
Click Yes, and then click OK.

You may receive the following error message:
Registry Editor could not set the security in the key currently selected, or some of its subkeys.

Click OK.

Then try installing Java again.

------------------------------

Then download the attached DelDomains.zip and unzip it. Right click the DelDomains file that you have unzipped and click Install. It will perform a silent process.

Reboot and post a fresh Hijack This log.
Attached Files
File Type: zip DelDomains.zip (497 Bytes, 3 views)
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 28-12-2004, 06:04 AM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 17
fukii Is a beginner here at D-A-L
Re: Problem with computer, hijack this log
Quote:
Originally Posted by owen
Go to Start> Run and type regedit.

Go to the following key in the registry and click it:

HKEY_LOCAL_MACHINE\Software\Microsoft

On the Edit menu, click Permissions.
It doesn't look like I have a "Permissions" option under my Edit menu. Instead, I have these:

New
Delete
Rename
Copy Key Name
Find . . .
Find Next

I can't find "Permissions" under any of the other tab menus, either, but I did find a Text "Java Permissions" in:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\InternetSettings\SO\JAVAPER\JAVA
Last edited by fukii; 28-12-2004 at 06:15 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 28-12-2004, 09:37 PM
owen's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Problem with computer, hijack this log
It must not have the Permissions option in Windows 98, I don't know because I don't and never have used 98, I only have XP and 2000.

Click directly here and download the Java file. Run it and try the install. If you get the error again, post back.

Either way, post a new Hijack This log please.
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 29-12-2004, 06:28 AM
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 17
fukii Is a beginner here at D-A-L
Re: Problem with computer, hijack this log
Okay, I got the same error message when trying to install Java, but I went ahead and downloaded the DelDomains.zip you told me to. Here's my hijackthis log:

Logfile of HijackThis v1.99.0
Scan saved at 11:22:45 PM, on 12/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\S3TRAYHP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 30-12-2004, 09:20 PM
owen's Avatar
D-A-L Team Member (UK)
Loyal Contributor
  
Join Date: Jun 2004
Posts: 5,272
owen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furnitureowen is beginning to become part of the furniture
Re: Problem with computer, hijack this log
Download the attached fix.zip. Unzip it and double click the file fix.reg inside. Confirm the merge with the registry and you will get a successful message.

Then reboot and post a fresh log.
Attached Files
File Type: zip fix.zip (396 Bytes, 3 views)
__________________
Owen,
My Website - I Security.org.uk

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.4 _|_ Ad-Aware SE 1.06_|_ HijackThis Log __V1.99.1 _|

[*]Be patient and wait for a response, we'll do our best to help resolve your issue.
[*]When posting for help, start your own thread and stick to it. Don't start multiple threads or post in other peoples threads!

If we have helped you, please consider making a donation to help support the forum. All donations are greatly appreciated. You can also support the forum by placing a link to us on your personal website.

Useful Links:
Posting a Hijack This Log
Preposting and Prevention Info
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
New Computer Hardware setup problem, Computer shuts down after 10-30 seconds AngelOo713 General Hardware Issues 3 26-08-2006 12:28 AM
computer crashes - my hijack this log vandra15 Spyware, Adware, Viruses and HijackThis Logs 4 04-04-2005 10:50 PM
Computer problems - HiJack This log Neko_nushi Spyware, Adware, Viruses and HijackThis Logs 13 19-01-2005 07:45 PM
Hijack this/computer freezes fgrocker Spyware, Adware, Viruses and HijackThis Logs 3 09-01-2005 12:47 AM
Computer is not well, please help! Hijack Log. monkey21 Spyware, Adware, Viruses and HijackThis Logs 1 12-11-2004 05:22 PM


All times are GMT +1. The time now is 05:25 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav