Hi!
I really need someone who can help me fix all my problems because I can't even normally work on my PC.
Thanks in advance!

PC specifications:
 Windows 98 SE 4.10.2222 A
 256 Mb RAM
 12,7 Gb hard disk

Problems:
 Rundll32 not responding
 lots of unknown programs listed in the Task Manager
 can not open Control Panel
 can not perform Scan Disk and Defragment
 PC often freezes (cannot move mouse or use the keyboard, so I have to restart manually)
 can not open Microsoft Outlook Express (a message pops up saying that a MSOE.DLL could not be loaded)
 can not open large programs such as Dreamweaver or can’t do anything with them once they are opened

Programs installed:
 Ad-aware, SpyBot S&D, HijackThis, CWSchredder
 anti-virus program: McAfee Virus Scan + McAfee Firewall

Actions done so far:
 have scanned for spyware / malware with Ad-aware and SpyBot and removed everything that was found
 have used CWSchredder (it didn’t find anything)
 have performed the anti-virus check with McAfee (found some infected files – had removed them) and on the web with Housecall Trend Micro (didn’t find anything)
 uninstalled some programs that I don’t need or don’t use

HijackThis log:
Logfile of HijackThis v1.98.0
Scan saved at 16:34:55, on 26. 07. 2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\PROGRAM FILES\INTEL\INTEL(R) ACTIVE MONITOR\IMON98.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 5\DATALAYER.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\DAVOR\POPRAVAK\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HiNet
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\SDPH20.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvColorInit] RUNDLL32.EXE NVQTWK.DLL,NvColorInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [IMON] C:\Program Files\Intel\Intel(R) Active Monitor\imon98.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [NETZIP SMARTDOWNLOADER] C:\WINDOWS\SYSTEM\npnzdad.exe /t
O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\iowatch.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\refresh.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


THANKS AGAIN! ;)

Recommended Answers

All 6 Replies

Sorry for bothering but I really, really need help soon. So if someone would be so kind and help me, I would be very grateful to him.

Thanks again!

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

O1 - Hosts: 69.20.16.183 search.netscape.com

next ones are optional but suggested because they are not neede in startup or rescorce hogs

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


This is Spyware and you should uninstall the program. via add/remove programs in control panel i think

O4 - HKCU\..\Run: [NETZIP SMARTDOWNLOADER] C:\WINDOWS\SYSTEM\npnzdad.exe /t

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

Now reboot into safe mode and delete the following files and folders if found ."Fix Checked"...Reboot to SAFE mode to delete files ,How to start computer in safe mode

C:\WINDOWS\SYSTEM\npnzdad.exe.........delete file if found


to delete the above files and folder you will need to do the following
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode
reboot computer and post a new log

Bed time ,I will check back in the Morning

Hi!

First of all thanks for looking at my problem.

I will do now what you have told me and then post a fresh log.

Just one question - the only thing I have to erase is npnzdad.exe, right?

Thnx

Done what you've told me, here 's the fresh log:

Logfile of HijackThis v1.98.0
Scan saved at 17:21:48, on 27. 07. 2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\PROGRAM FILES\INTEL\INTEL(R) ACTIVE MONITOR\IMON98.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 5\DATALAYER.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\SERVICES\SERVICELAYER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\DAVOR\POPRAVAK\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HiNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;hr;<local>
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\SDPH20.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EM_EXEC] c:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvColorInit] RUNDLL32.EXE NVQTWK.DLL,NvColorInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [IMON] C:\Program Files\Intel\Intel(R) Active Monitor\imon98.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\iowatch.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\refresh.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

thnx

Hi!

Glad to hear it looks good, but some problems that I had before did not go away. Only one thing is changed - rundll32.exe is now functioning normal. My PC is slow, can't open Control Panel, can't perform ScanDisk and Defragment. So it's obvious something else that is wrong with my PC.
If you maybe know what can I do next I would be very grateful. The problem that bothers me is that I think it's a virus (or sth similar) but none of the virus scans I've done showed I don't have a single file infected. :?:

Thanks for all your help! ;)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.