
Computer Nightmare - HJT log posted

Discussion in 'Malware and Virus Removal Archive' started by Dave932932, 2005/01/06.

Thread Status:
Not open for further replies.
  1. 2005/01/11
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
  2. 2005/01/11
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    Hi charlesvar,

    Been so long since he posted the log, thought I'd take a crack at it online. Been cleaning up boxes here, so getting some experience. If he purchased that program, would think he'd remember it, and if he doesn't, seems to me it's suspect. We'll see. :)

    Another search here says it's adware. :)
     
    Last edited: 2005/01/11


  4. 2005/01/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
  5. 2005/01/15
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    New Log

    Logfile of HijackThis v1.99.0
    Scan saved at 11:37:11 PM, on 1/15/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - Startup: Microsoft Office.lnk = c:\WINDOWS\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .pcm: C:\PROGRA~1\INTERN~1\PLUGINS\NpCurMem.dll
    O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
     
  6. 2005/01/16
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    Dave,

    It looks good now to me after a brief perusal. I'll spend some more time on it tomorrow. ;) I suggest you remove the files in any temporary folders, including those in windows:
    \cookies
    \temp
    \temporary internet files

    How is it working now?

    As I recall, the floppy has no bezel and butts up against the front of the case, and when I looked at one I wasn't sure that I could find a replacement. But I've never had to try, either. Maybe MinnesotaMike or goddez1 know.

    With a new computer, how much effort and money do you want to spend on this?

    You can back up any data from the old machine to the new if we're sure the disk is clean. Then you can decide if windows needs reinstalling.

    I'll get back to you tomorrow if I can. Meanwhile think about what you want to do with the machine.
     
  7. 2005/01/16
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    I'd like to be able to surf the internet, use Word, and other simple tasks. In my family, the new computer is not enough as it's only one computer (ex. I want to surf the internet while my brother wants to play Halo). I'm thinking about $100 dollars is ideal budget for updating the machine. I'd like to get a P3 750MHz-1GHz, but it's an Athlon socket. After realizing that matching this computer with my new one would cost more than getting a new computer. So I'm thinking about getting some cheap RAM, 64MB stick to accompany the 64MB already there (only 64 MB as the motherboard/BIOS can only "see" 128 MB of RAM).

    BTW: Preloac.exe was a trojan while infuniss.exe was the process for my NIC/modem.
     
    Last edited: 2005/01/16
  8. 2005/01/16
    MinnesotaMike

    MinnesotaMike Geek Member

    Joined:
    2002/01/07
    Messages:
    1,396
    Likes Received:
    3
    Dave,

    The floppy drive on my 2153 is behind a bezel. I've never looked at the drive and the possibility of replacing it. I guess I don't think it would be a big deal. As far as the memory, I wouldn't upgrade to 128MB if that is the maximum. I have seen people that have had problems with the max. My suggestion would be to put in a 32MB chip. That will be enough memory to do what you want without creating problems.

    Mike
     
  9. 2005/01/16
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    Dave,

    Suggest you download startup.exe and examine what's starting at boot. For example, there's no need for running:
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

    The following file is suspect but probably is legitimate; see this from Symantec for how to tell the difference:
    PWSteal.Netsnake collects password information, creates its own mail message, and sends the information to the intruder. It copies itself to %windir%\Internat.exe. Please note that there is a legitimate Windows application called %windir%\system\Internat.exe. The Trojan file is 82.5 KB in length and uses a zip file icon. The "real" Internat.exe is generally about 20 KB in length with a "?" icon.


    Suggest you edit win.ini in notepad and remove the line:
    run=hpfsched - it doesn't need to run in the background

    Decide which antivirus to run in the background - (my choice avg); you can keep both on the computer to run manually periodically, but don't run both constantly - that's a serious slowdown.

    Suggest you also discontinue wucrtupd.exe and do your windows updates manually. Same with mcupdate.exe; do the antivirus updates manually.

    These suggestions will hopefully improve the efficiency. I don't see any sign of trojans, etc., so go ahead with the backup. :cool:
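
Added example, not part of sparrow's post or of HijackThis itself: a small triage script that parses a log in the format posted above and applies the location test from the quoted Symantec text to Internat.exe, while also pulling out the win.ini and O4 autorun entries discussed in the post. The sample log is constructed; the `C:\WINDOWS\INTERNAT.EXE` process line is a constructed example of the Trojan's location, the `C:\WINDOWS` default for `windir` is an assumption, and the size and icon checks need the file itself so they are not covered.

```python
import re
from ntpath import basename, dirname, normcase

# Constructed sample in the format of the log above; the second process line
# is constructed to show the location the Trojan copies itself to.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\INTERNAT.EXE
C:\WINDOWS\EXPLORER.EXE

F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # section code, then detail
AUTORUN = re.compile(r"^(.*?): \[(.*?)\] (.*)$")  # key: [value name] command

def parse_hjt(text):
    """Split a HijackThis log into process paths and (code, detail) entries."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            procs.append(line)
    return procs, entries

def check_internat(path, windir=r"C:\WINDOWS"):
    """Location test: the legitimate file sits in the system folder under windir."""
    if normcase(basename(path)) != "internat.exe":
        return None
    if normcase(dirname(path)) == normcase(windir + r"\system"):
        return "expected location"
    return "suspect location"

def triage(text):
    """Return Internat.exe findings, win.ini (F1) entries and O4 autoruns."""
    procs, entries = parse_hjt(text)
    findings = [(p, check_internat(p)) for p in procs if check_internat(p)]
    winini = [d for code, d in entries if code == "F1"]
    autoruns = [m.groups() for code, d in entries
                if code == "O4" and (m := AUTORUN.match(d))]
    return findings, winini, autoruns
```

A "suspect location" result only says where to look next; the file size and icon described in the quoted text still have to be checked on the machine.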
     
  10. 2005/01/16
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    I'd really like 128MB as that would let it run most recent software. The sticker on the tower front says

    "64MB RAM/Expands to 256MB*

    "*Installed memory in excess of 128MB will not derive performance enhancement from the included external cache "

    (It took me forever to copy those words as they were on the bottom of the tower and they were printed in like a tiny tiny font, probably 5. :p )

    Right now it has 64 MB SDRAM.
     
  11. 2005/01/16
    MinnesotaMike

    MinnesotaMike Geek Member

    Joined:
    2002/01/07
    Messages:
    1,396
    Likes Received:
    3
    Dave,

    Go with the 128MB chip then. I was going with the 128MB max that you stated and did not realize that it actually was a 256MB max. My apologies. All I know is that there are possible problems with maxing out the memory. Adding 128MB should give you no troubles.

    Mike
     