Hijackthis Log As Advised


  • This topic is locked
27 replies to this topic

#1 neil_s

Posted 05 June 2006 - 02:39 PM

I posted on here earlier today re problems with the office pc.

The pc in question is one of 4 in a small business (I am using the one from my office), and the others are not affected.

Windows XP
Packard Bell
AMD Athlon - XP 2200+
1.80 GHz
368mb of ram


Can't connect to the internet although over 60 windows collate in the system tray.

Disk cleanup stalls, and also can't boot in safe mode to run it. Have tried start>run>cleanmgr but this doesn't get going either.

Have managed to run Norton, Ad-aware & Spybot, although as I can't connect, I can't get updates. Nothing much found on any.


Various error messages;

"MPRAPI.dll not found" - comes up when trying to update Ad-aware & also when trying to run Taskmanager to see what is running.

"CCID_E~2.htm does not exist" - when trying to manually delete Temporary Internet Files.

"Path 3.33 does not exist" - comes up randomly.


Am now at home on a separate laptop with office pc next to me. Logfile follows, any help would be very welcome!



Logfile of HijackThis v1.99.1
Scan saved at 20:21:20, on 05/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NETWORK SERVICE - {3A4E6FF3-BF59-446E-9DC8-731BCE2F349A} - C:\WINDOWS\system32\msupdate.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [r3tR36V] javtcfg.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1904082aa3b3d0...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125063619937
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
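
Added example, not part of the original post and not HijackThis code: a small Python parser for the `<code> - <body>` line format of the log above that lists entries for manual review, namely autorun (O4) commands with no absolute path, targets marked "(file missing)", and services (O23) with an empty vendor field. The sample log is constructed, and the three checks are review heuristics assumed for this example, not verdicts.

```python
import re

# Constructed sample in the HijackThis v1.99.1 line format; every name, CLSID
# and path below is made up for illustration.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -boot
O4 - HKLM\..\Run: [xYz123] barename.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - C:\Apps\Example\script.htm (file missing)
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
O23 - Service: Unsigned Service (USvc) - - C:\WINDOWS\SYSTEM32\usvc.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE = re.compile(r'^Service: (?P<name>.+?) - (?P<vendor>.*?)- (?P<path>"?[A-Za-z]:\\.*)$')
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')


def parse(log):
    """Return (code, body) for each registry/config entry line in a log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Return (code, reason, body) for lines worth a closer manual look.

    These are structural review heuristics (an assumption of this example),
    not verdicts: each hit still needs the file itself to be examined.
    """
    hits = []
    for code, body in parse(log):
        if body.endswith("(file missing)"):
            hits.append((code, "target file missing", body))
        run = RUN.match(body) if code == "O4" else None
        if run and not ABSOLUTE.match(run["cmd"]):
            hits.append((code, "autorun without absolute path", body))
        svc = SERVICE.match(body) if code == "O23" else None
        if svc and not svc["vendor"].strip():
            hits.append((code, "service with empty vendor field", body))
    return hits


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE):
        print(f"{code:4} {reason}: {body}")
```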

#2 Jag11


Posted 06 June 2006 - 09:08 AM

Hello,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here to get Service Pack 1

Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.

After you have updated your computer to SP1, please restart your computer and post a new HJT log.

Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

#3 Jag11


Posted 06 June 2006 - 09:15 AM

Posted on a wrong thread, sorry. Please read my previous post.

Edited by Jag11, 06 June 2006 - 09:16 AM.


#4 neil_s


Posted 07 June 2006 - 05:02 AM

Hello

Thanks for the reply and apologies for not getting back sooner.

I've downloaded the SP1 to my pc and via memory stick have tried to load it to the other one. However, during installation, an error message "Setup cannot copy the file pintlgix.im_" so therefore SP1 can't load.

I did download the SP from the link provided, but as this had an error somewhere when trying to load it, I downloaded another version from elsewhere.

Any ideas..........??

Thanks

Neil

#5 Jag11


Posted 07 June 2006 - 05:47 AM

Hmm, I can't find any information about that error. Is that the exact message it gave you? Or have you tried to download it again?

"I downloaded another version from elsewhere."


What do you mean by 'elsewhere'? Where did you download it?

#6 neil_s


Posted 07 June 2006 - 06:43 AM

Downloaded from www.softwarepatch.com (I think...)




The message was

"Copy error

Setup cannot continue

Ensure the ????? specified below is correct or change t & insert (unknown) in the ??? you specify.


(drop down menu)

Copy files from

c:\8df5f1ccc05a7d46aaa0\lang."


You may have noticed some "???" above. This is because I wrote it down quickly and can't read my own writing..... And from this, the secretary tried to get into an accounts package, and now the computer keeps restarting unaided until it starts to load Windows, a blue screen comes up for about 10 seconds and then it restarts, goes through the same process, restarts etc etc.........

It's fun here!!

Any further ideas??


Many thanks

Neil

#7 Jag11


Posted 07 June 2006 - 08:52 AM

I need to get it clear. :thumbsup:

Ok, so you downloaded SP1 from Microsoft (the link I gave you) and it gave you that error?

OR the installer from that site you gave is the one giving you the error?

Are there buttons to continue with that error message? Any buttons for "OK" or "Continue"? Looks like it's finding the location where to copy the files, are there any other options in that drop down menu?

About that blue screen, it can be BSOD, can you tell me the message it showed?

Edited by Jag11, 07 June 2006 - 08:55 AM.


#8 neil_s


Posted 07 June 2006 - 09:15 AM

The link you gave me produced an error when I tried to load it on the other pc, but I can't remember the wording.

I then downloaded the same file from another site which went further in installation, but gave the error as detailed before.

As mentioned, the pc will only boot as far as the blue screen before it restarts, so therefore I can't give a more detailed description of the error message.

Should I try starting it in safe mode? If so, this wasn't very successful the other day.....

Apologies for not having too many details

Neil

#9 Jag11


Posted 07 June 2006 - 09:17 AM

Oh.. I thought you were able to download the Service Pack from Microsoft. Let's try this, do this on your infected machine (the one we're trying to clean)

Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.

Edited by Jag11, 07 June 2006 - 09:17 AM.


#10 neil_s


Posted 07 June 2006 - 09:24 AM

I can't get the infected machine to boot up, and even if I could, it wouldn't connect.......

Is there anything I can do on this one, save to stick, and then try to reboot the other??

#11 Jag11


Posted 07 June 2006 - 09:28 AM

You mean you can't even boot it up now???

#12 neil_s


Posted 07 June 2006 - 09:35 AM

That's correct.

Through the normal start-up process;

Packard Bell screen>Operating system to start screen>WindowsXP logo>Blue screen. Repeat indefinitely

Pressing F8 gives 3 options

Floppy
IDE-O
CD Rom

No mention of safe mode or anything else.

#13 Jag11


Posted 08 June 2006 - 04:18 AM

Hello neil :thumbsup:

Can you boot to a bootable CD?

Also, I need to get the message of that Blue Screen :

Packard Bell screen>Operating system to start screen>WindowsXP logo>Blue screen

Does it restart when you reach that stage (Blue screen)? Or does it hang? If it just hangs, then I guess you can give us the message of the Blue screen?

If it quickly restarts when you reach that Blue screen, then use a digital camera to take a picture of it. From that we can trace what's making your computer to not boot.

Edited by Jag11, 08 June 2006 - 04:19 AM.


#14 neil_s


Posted 08 June 2006 - 08:25 AM

It just hangs, probably for about 10 seconds. Then it restarts and goes through the process again.

There is no message with the blue screen, so I'm guessing a picture is not required?

#15 Jag11


Posted 08 June 2006 - 08:38 AM

Hmm, I thought it was a BSOD..

You still didn't answer my question :

Can you boot to a bootable CD?

