
painfully slow, inconsistent computer HJT log file help...

Discussion in 'Malware and Virus Removal Archive' started by geordiesworld, 2005/10/10.

  1. 2005/10/10
    geordiesworld

    geordiesworld Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    7
    Likes Received:
    0
    Hi there folks.
    My computer runs Windows 98 SE, broadband internet with Virgin ISP. I have the latest updates of Ad-aware SE Personal, CWS Shredder and Spybot Search and Destroy. A test 20 mins ago revealed nothing found by CWS Shredder, nothing found by Spybot and only 4 adware files to be deleted, which they were, followed by the usual emptying of the recycle bin and internet cache files, etc. The following is the HijackThis logfile taken after all the above was completed.

    Logfile of HijackThis v1.99.1
    Scan saved at 23:07:53, on 10/10/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\EZAUDIO.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\USBDRIVE\SHWICON.EXE
    C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
    C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
    C:\PROGRAM FILES\BELKIN\BLUETOOTH SOFTWARE\BTTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\HJT\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/weather/charts/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [BtStart] C:\Program Files\Belkin\Bluetooth Software\bin\btstart.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ShowIcon_Just Rams_USB Device Driver v1.25r004] "C:\Program Files\USBDRIVE\shwicon.exe" -t "Just Rams\USB Device Driver v1.25r004 "
    O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Product Driver v2.12r012] "C:\Program Files\USB Product Driver v2.12r012\shwicon.exe" -t "Justrams\USB Product Driver v2.12r012 "
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton CleanSweep\CSINJECT.EXE
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20000128/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9E5E8BAE-C06C-43A2-84F9-49F90A92508F} (Virgin Net Number Update Control) - http://client.virgin.net/assets/update.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6uk.cab


    We used to have NAV2002 installed but have now uninstalled it. Basically the computer is most of the time very slow and freezes despite broadband, and sometimes, even just minutes later, quick again. Is there any reason anyone can determine from the logfile for this, and what should be fixed in HJT?

    Also I have always been curious about what all these processes running in task manager are... please see a copy of the task manager dialogue box below:

    Windows BBS - Post New Thread - Microsoft Internet Explorer
    HijackThis
    Explorer
    Ctdetect
    Rnaapp
    Drst
    Bttray
    Stimon
    Dragdiag
    Incd
    Shwicon
    Ezaudio
    Systray
    Csinject

    What are all these processes, and are they using up RAM, etc., making the whole system slow? If so, can I delete or get rid of some of them?

    Any help would be very much appreciated as I'm about to throw this thing out the window....... (might help)

    Cheers

    George
     
  2. 2005/10/11
    oshwyn5

    oshwyn5 Inactive

    Joined:
    2005/08/25
    Messages:
    736
    Likes Received:
    0



    You have the kak worm
    O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta

    Please follow the removal and repair instructions here
    http://www.pchell.com/internet/kakworm.shtml
    They have a removal tool to run, and then you can safely run HijackThis with all other windows closed, choose scan only, select the following and choose fix:
    O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta

    Then locate and delete the file
    C:\WINDOWS\SYSTEM\99365223.hta
    (may have to go to control panel/ folder options/ view set to show hidden and system files)




    This could be your problem
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    http://castlecops.com/startuplist-5983.html
    Although they say it may slow win2k, I would not be surprised if it slowed other os also.
    You can uninstall it, or have hijackthis fix this entry to remove it from startup.

    O16 - DPF: {9E5E8BAE-C06C-43A2-84F9-49F90A92508F} (Virgin Net Number Update Control) - http://client.virgin.net/assets/update.cab
    If you do not recognize this url, have hijackthis fix this entry

    Here is your explanation of the tasks

    HijackThis >> Self explanatory, hijackthis is running

    Explorer>> explorer.exe , the windows graphical user interface which gives you your desktop and lets you interact with your computer.

    Ctdetect >> Creative Labs sound card software. Needed if you want to have sound on your computer.

    Rnaapp>> Remote Network Access Application - needed if you have dialup, not sure why it would be running if you are using DSL

    Drst >> Explained above, not needed

    Bttray >> Bluetooth tray application.

    Stimon >> Still Image Monitor. Used with USB imaging devices such as scanners and cameras. Needed.

    Dragdiag>>More DSL diagnostics. Not needed
    http://www.bleepingcomputer.com/startups/Dragdiag.exe-5077.html

    Incd >> Nero packet writing software, lets you burn to CDRW disks by drag and drop.

    Shwicon>> USB card reader software shows if card is plugged in?

    Ezaudio>> More software for your sound card.

    Systray >> System tray, shows the icons in lower right so you know what is running.

    Csinject >> Norton Clean Sweep.



    You can find more information on any of these with a simple google search
    http://www.google.com





    You do not give any information on your system other than it is running win98, has broadband and no antivirus (not a good idea).
    How much RAM? What processor and speed?
    How much free system resources does it show?
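    The reply above reads the O4 (Run key) entries by eye and picks out the one that launches a numbered .hta file from the system folder. As an added example, not part of this thread or of HijackThis itself, the following Python script parses O4 lines in the HijackThis v1.99 format and applies three illustrative review heuristics of my own: a script-host file extension (.hta, .vbs, .js, ...) as the logon target, a digits-only file name, and a short mixed-case value name containing digits. The sample lines are copied from the log in this thread; the heuristics, regexes and function names are assumptions for the example.

```python
import re
import ntpath  # Windows path splitting, so the example runs on any host OS

# Constructed sample in HijackThis v1.99 format; the lines are copied from
# the log posted in this thread, including the O4 entry the reply flagged.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun",
    r"O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme",
    r"O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta",
    r"O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON CLEANSWEEP\QDCSFS.exe /scheduler",
    r'O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b',
    r"O4 - Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe",
    r"O16 - DPF: {9E5E8BAE-C06C-43A2-84F9-49F90A92508F} (Virgin Net Number Update Control) - http://client.virgin.net/assets/update.cab",
]

# Registry-backed O4 entries look like: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Leading, optionally quoted, drive-letter path up to and including its extension.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?P<ext>[A-Za-z0-9]{1,4}))"?(?=\s|$)')

# Extensions handled by mshta / the Windows Script Host rather than the PE loader
# (assumed list for this example).
SCRIPT_HOST_EXTS = {".hta", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}


def parse_o4(line):
    """Split a registry-backed O4 entry into hive, key, value name, command and target.
    Returns None for other sections and for O4 Startup-folder entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    p = PATH_RE.match(entry["cmd"])
    # Fall back to the first token for bare names such as "Rundll32.exe ..." or "SysTray.Exe".
    entry["target"] = p.group("path") if p else entry["cmd"].split()[0]
    return entry


def review_entry(entry):
    """Return the reasons this entry deserves a closer look (empty list if none)."""
    reasons = []
    stem, ext = ntpath.splitext(ntpath.basename(entry["target"]))
    if ext.lower() in SCRIPT_HOST_EXTS:
        reasons.append(f"script-host file {ext} launched at logon")
    if stem.isdigit():
        reasons.append("file name is digits only")
    name = entry["name"]
    if (re.fullmatch(r"[A-Za-z0-9]{4,8}", name) and any(c.isdigit() for c in name)
            and name != name.lower() and name != name.upper()):
        reasons.append("short mixed-case value name containing digits")
    return reasons


def review_log(lines):
    """Walk a log and return [(entry, reasons)] for every O4 entry that raised a reason."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = review_entry(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in review_log(SAMPLE_LOG):
        print(f"{entry['hive']}\\..\\{entry['key']}: [{entry['name']}] {entry['target']}")
        for reason in reasons:
            print("   -", reason)
```

    On the sample above only the [cAg0u] entry is reported, with all three reasons. The heuristics are deliberately narrow: a legitimate entry such as [QD FastAndSafe] has a space in its name and an .exe target, so it passes, and an unmatched Startup-folder or O16 line is simply skipped rather than guessed at. Anything the script flags still needs the kind of manual lookup the reply does for each process name.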
     


  4. 2005/10/11
    geordiesworld

    geordiesworld Inactive Thread Starter

    Joined:
    2005/07/19
    Messages:
    7
    Likes Received:
    0
    Cheers Oshwyn....

    Ran the pchell tool and nothing found... when I ran HijackThis again after this, the below line wasn't in the log to be fixed, so I guess that's OK.

    O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\99365223.hta

    The only file found on the computer close to the above was actually a folder - full name - {99365223-F39F-11D3-9F06-F6D32273B03D} - path as below:

    C:\WINDOWS\Application Data\Identities

    Inside this folder is another named "Microsoft" and inside that another named "Outlook Express", within which are what look like database admin files (ext .dbx), e.g. outbox.dbx, etc. Fearing they may be necessary files, I have not deleted the folder with the number 99365223. Do you think it is part of this virus and should be deleted or kept?

    I have also fixed both other entries in HijackThis as suggested (O4 - HKCU............Speedtouch\drst.exe" -b and O16 - DPF: {9E.........08F} (Virgin Net Number Update Control)).

    Then I restarted the computer and it was quite a bit quicker....



    According to SiSoft Sandra System Summary (tongue twister) the computer has :

    Intel Celeron 434 MHz (433 rated speed, FSB 67 MHz)
    Performance rating PR521 (estimated)

    127 MB installed memory (144% true allocated load)
    although I'm sure we have put in 256 MB RAM, so not sure...

    8 GB hard drive.
    2.6 GB free - 31%
    2% slack ?

    Dell D1028L Monitor 1280*1024

    System Memory
    Total system memory: 199 MB
    Free system memory: 81 MB - 41%
    Total physical memory: 127 MB
    Free physical memory: 9 MB - 7%

    Extended Memory
    Total Windows base memory: 640 MB
    Free Windows base memory: 460 MB - 72%

    16-bit sub-system
    System resources free: 77%
    GDI heap free: 89%
    User heap free: 77%



    I do regularly defrag, disk cleanup, etc.
    As to antivirus.... I was thinking about an online virus checker that is reliable, or would NAV2002 reinstall without the error message "unable to renew subscription data. Please re-install" coming up at startup and slowing the whole computer to a standstill?


    Thanks a lot for your help, Pete

    George
     
  5. 2005/10/12
    oshwyn5

    oshwyn5 Inactive

    Joined:
    2005/08/25
    Messages:
    736
    Likes Received:
    0
    It looks like the tool cleaned it up as a leftover.
    Basically when the virus infected you it pulled the string from your Outlook Express folder and assumed the name, hoping that if you found it you would think it was important and leave it alone.
    The folder you found is normal; it stores your email (that is what the dbx files inside are: one file for each folder in your email and others for settings) and Outlook Express settings. Leave it alone.

    Well, for years I ran Win98 on a similar system, and while a 433 MHz Celeron is no speed demon it is adequate, as is 128 MB of RAM.
    If you actually have 256 MB installed and it all worked once, it is probable that one stick came loose or failed.
    Try reseating the sticks (unplug the computer before working inside). If it still shows only 128 MB, try each stick individually. If you get a series of beeps when you only have one stick, chances are it is bad or the incorrect memory for your computer. Your PC runs at 67 (actually 66) MHz and you optimally should have all PC66 SDRAM. Although you could probably run all PC100 SDRAM, you should not mix the two (sometimes the faster RAM is clock locked and will not run at the slower speed; also, often even if it does, it will have different specs than a PC66 stick and will not run if you have the PC66 installed).


    But I suspect your primary problem was that worm leftover.
     
