Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspiciously Slow: HJT Log [RESOLVED]


  • This topic is locked This topic is locked

#1
Seven!

Seven!

    Member

  • Member
  • PipPipPip
  • 161 posts
[Requested to post new log, scroll down to see up-to-date log.]

Edited by Seven!, 10 September 2005 - 07:50 PM.

  • 0

Advertisements


#2
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :tazz:

Sorry for the delayed response, it has been very busy lately.Please post a new Hijack log and a brief description of your problem and I will help you.

Thanks :)
  • 0

#3
Seven!

Seven!

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts
I ended up reformatting that PC, but here's a different one. The problem is the memory - there are a lot of files on this PC(converted piles of vinyl to mp3, stored on PC), and running Windoze Explorer is very slow. Also, defragmenting takes almost a whole week!

Hopefully the HijackThis log exposes a culprit to our problem.

Logfile of HijackThis v1.99.1
Scan saved at 9:48:12 PM, on 9/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\IOMATIC\RAM MEDIC\RAMMEDIC.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\QUICKENW\inet\common\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [RAM Medic] C:\PROGRAM FILES\IOMATIC\RAM MEDIC\RAMMEDIC.EXE
O4 - HKCU\..\RunServices: [RAM Medic] C:\PROGRAM FILES\IOMATIC\RAM MEDIC\RAMMEDIC.EXE
O4 - Startup: Resource Meter.lnk = C:\WINDOWS\RSRCMTR.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio....abasetup144.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
  • 0

#4
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Not much here. Not enough to cause your problems

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\QUICKENW\inet\common\blank.htm
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe


Now close all windows other than HiJackThis, then click Fix Checked

If you can run this scan it would help

Please run this online virus scan:
Panda Active Scan You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here. Also post a new Hijack log

Thanks :tazz:
  • 0

#5
Seven!

Seven!

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:29:27 PM, on 9/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\IOMATIC\RAM MEDIC\RAMMEDIC.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\START MENU\PROGRAMS\HIJACKTHIS.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [RAM Medic] C:\PROGRAM FILES\IOMATIC\RAM MEDIC\RAMMEDIC.EXE
O4 - Startup: Resource Meter.lnk = C:\WINDOWS\RSRCMTR.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio....abasetup144.cab
O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflas...in/powerres.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab


Incident Status Location

Adware:adware/gator No disinfected Windows Registry
Security Risk:Application/RestartNo disinfected C:\WINDOWS\SYSTEM\Tools\Restart.exe
Security Risk:Application/RestartNo disinfected C:\WINDOWS\TEMP\pav701B.TMP
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43ad2f4f-739524cc.RB0[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43ad2f4f-739524cc.RB0[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43ad2f4f-739524cc.RB0[Dummy.class]
Spyware:Spyware/ISTBar No disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-23a6f4db.zip[InstallerApplet.class]
Hacktool:HackTool/ExitWin.A No disinfected C:\WINDOWS\Start Menu\Programs\Disabled Startup Items\Reboot.old

Edited by Seven!, 10 September 2005 - 10:03 PM.

  • 0

#6
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

Download and install CleanUp! Here

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.


Please run cleanup

Now tell me if this has helped.
  • 0

#7
Seven!

Seven!

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts
I regularly run CCleaner(Crap Cleaner). I downloaded and installed CleanUp!, and they have pretty much the same function.

If you wanted to evaluate CCleaner (it's freeware), here's the link: http://ccleaner.com/ccdownload.asp

I turned off indexing (given that I have a large amount of files), and the computer increased dramatically in performance. Thanks for your help.
  • 0

#8
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Yes that would help performance. As for CCcleaner Ive never used it , but most people say its a little too powerful for the average user so we dont recommend it much but I guess it all depends on the user with any program But since you gave me the link........Im gonna check it out. Good luck in Geek u, You seem like you know your way around a computer :tazz:
  • 0

#9
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP