
HJT Log peTRE


  • This topic is locked
2 replies to this topic

#1 peTRE


Posted 20 October 2004 - 07:00 PM

Fixing the computer for my uncle (P2 Compaq Presario 5260, Win98se 64Mb RAM), and have found 458 spyware-related items on the computer with Spy Bot and Ad-Aware scans, these are removed but still the computer runs insanely slow.

Found lots of typical hijackers as well, with a HiJackThis scan, and removal, both in Normal and Safe mode. Especially one, which related to a specific IP address: 213.159.117.134 (finally I removed the systime.exe in the system catalogue and things started to lighten up again, but still.. slow as a turtle race)

So, with my humble experience, I face you guys, in a hope to see if you can find anything that I might have forgotten/overseen. Here is the log (sorry about my English, I'm Norwegian.. ;)


Logfile of HijackThis v1.98.2
Scan saved at 01:47:20, on 21.10.04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\TELES\TISDNMON.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMFILER\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMFILER\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\TELES\CWD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMFILER\FELLESFILER\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMFILER\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMFILER\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
C:\MSCAN\MSOFFICE\PANEL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\INSTALL\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMFILER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [ISDNMonitor] c:\teles\tisdnmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Programfiler\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programfiler\Fellesfiler\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\watch.exe
O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

------------

Thanks upfront ! :thumbsup:

Petter / Norway



#2 CalamityKen


Posted 20 October 2004 - 07:25 PM

Petter, welcome. Looks like you got rid of all the malware.

You do not want these huge system resource wasters:

O4 - Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE


Install the prevention protection below and help your friends from being infected on the Internet.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.
Index.dat Suite helps with this.
http://support.it-mate.co.uk/?mode=Products&p=index.datsuite

Ensure that Index.dat Suite is set up to empty the Temp folders especially
C:\WINDOWS\Temp
then run the Find and create the run.bat and reboot to have it remove what it finds.

Download and install WinPatrol.
http://www.winpatrol.com

Browser settings for increased security:
http://bshagnasty.home.att.net/browsersettings.htm

Install IE-SPYAD then run the install.bat in the ie-spyad folder and SpywareBlaster then keep them up to date as today's Internet is full of nasty infections.
https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html
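
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage script that parses the O4 autostart lines of a HijackThis log and checks each one against the log's own "Running processes" list, which is how an entry such as OSA.EXE shows up as both auto-started and resident. The sample lines are copied from the log above; the function and field names are illustrative assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\PROGRAMFILER\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\PROGRAMFILER\MICROSOFT OFFICE\OFFICE\OSA.EXE

O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programfiler\Fellesfiler\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - <detail>"
REG_RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")   # registry Run* value
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")  # Startup-folder shortcut

def image_path(command):
    """Executable part of an autostart command, with quotes and arguments removed."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll|tsk))\b", command, re.I)
    return m.group(1) if m else command

def triage(text):
    """Return one dict per O4 entry, noting whether its image is in the process list."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            d = REG_RUN.match(m.group(2)) or STARTUP.match(m.group(2))
            if m.group(1) == "O4" and d:
                entries.append({"where": d.group(1), "name": d.group(2),
                                "image": image_path(d.group(3))})
        elif in_procs and line:  # keep the full path and the bare file name
            running.update((line.upper(), line.upper().rsplit("\\", 1)[-1]))
    for e in entries:
        img = e["image"].upper()
        # 8.3 short paths (PROGRA~1) never equal the long path, so fall back to file name.
        e["running"] = img in running or img.rsplit("\\", 1)[-1] in running
        e["has_path"] = "\\" in img  # False: the log does not show where the file lives
    return entries

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A file-name match is only a triage hint: two different files can share a name, so entries without a full path still need to be located on disk before they are judged.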

#3 peTRE


Posted 21 October 2004 - 01:52 AM

Ok CalamityKen, thanks a lot! The office tools removed gained much speed, since, yes, it isn't the fastest computer and it really consumes a lot of resources.. :thumbsup:

This is a great community, and I'll for sure come back here and help others if needed!

Great and cheers,

Petter / Norway



