Had a big problem, now small ones.

0verdrive · #1 (**permalink**) 24-11-2005, 11:36 AM

I downloaded a programme for logging my website traffic the other day, and finished up having to reformat. Whatever it was I picked up, it caused my PC to display a message to the effect that I would have to reinstall Windows (98SE). However, reinstalling made no difference and I had to reformat, as my PC was rendered unuseable.
Now I have a few minor problems such as the clock time suddenly altering by several hours, programme short-cuts not working and programmes hanging.
I have done Spybot and Ad-Aware scans, and would like someone to look at my HJT results for an opinion.
Thanks in advance.
Overdrive.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:54, on 24/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
E:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAMME FILES\INKSAVER.EXE
E:\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [avast! Web Scanner] E:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] E:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InkSaver] D:\PROGRAMME FILES\InkSaver.exe hide
O4 - HKLM\..\RunServices: [avast!] E:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SmcService] E:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Misc\Office\OSA9.EXE
O4 - Startup: InkSaverCheck.lnk = C:\WINDOWS\ISCheck.exe
O4 - Startup: WinZip Quick Pick.lnk = E:\WinZip\WZQKPICK.EXE

VopThis · #2 (**permalink**) 24-11-2005, 03:43 PM

The log submitted appears to be incomplete - likely cut off. Please check.

0verdrive · #3 (**permalink**) 24-11-2005, 04:31 PM

Thanks VOPT. Just done another one, and no different. Any suggestions?

0verdrive · #4 (**permalink**) 24-11-2005, 04:37 PM

Is this any better?

Logfile of HijackThis v1.99.1
Scan saved at 22:06:47, on 23/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
E:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAMME FILES\INKSAVER.EXE
E:\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
E:\DOWNLOAD FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [avast! Web Scanner] E:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] E:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InkSaver] D:\PROGRAMME FILES\InkSaver.exe hide
O4 - HKLM\..\RunServices: [avast!] E:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SmcService] E:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Misc\Office\OSA9.EXE
O4 - Startup: InkSaverCheck.lnk = C:\WINDOWS\ISCheck.exe
O4 - Startup: WinZip Quick Pick.lnk = E:\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

VopThis · #5 (**permalink**) 24-11-2005, 10:03 PM

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.

Let us know if that resolves your stated issues.

0verdrive · #6 (**permalink**) 25-11-2005, 06:49 AM

Thanks, VOPT. Deleted the one item and this is the new scan.

Logfile of HijackThis v1.99.1
Scan saved at 05:46:49, on 25/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
E:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
E:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
D:\PROGRAMME FILES\INKSAVER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
E:\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [avast! Web Scanner] E:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] E:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InkSaver] D:\PROGRAMME FILES\InkSaver.exe hide
O4 - HKLM\..\RunServices: [avast!] E:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SmcService] E:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Microsoft Office.lnk = E:\Program Files\Misc\Office\OSA9.EXE
O4 - Startup: InkSaverCheck.lnk = C:\WINDOWS\ISCheck.exe
O4 - Startup: WinZip Quick Pick.lnk = E:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add Auction Item - Bayside Sniper - res://C:\WINDOWS\BSIIMenuExt.dll/IECONTEXT_HANDLER.HTM

VopThis · #7 (**permalink**) 27-11-2005, 06:48 PM

Quote:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm

That fix item still remains.

Run the following anti-virus/malware tools:

Get the stinger here:
http://vil.nai.com/vil/stinger/

Download it to another computer if need be, and bring it to the affected computer on floppy disk.

It will kill the top 40 virus files if any are found there

Then,

Run these two online virus/malware scanners (Panda Activescan, Trendmicro Housecall) following these instructions below:
http://forums.thatcomputerguy.us/ind...showtopic=5122

Let them fix what they can. Reboot between scans.

Take note of any FILES that couldn't be deleted. Post any undeletable items and any available LOGS back here (IMPORTANT FEEDBACK) AND go after such FILES yourself if you want (preferably in SAFE MODE - reboot tapping the F8 key) .

These scans will take more than an hour to complete, so make sure you have time to let them run all the way through.
(let us know if any files couldn't be deleted/cleaned.)

Reboot
Post a new HJT log with any detailed feedback from the scans.