Hijackthis log need analysis: all steps complete

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zapp, Feb 4, 2005.

  1. zapp

    zapp Staff Sergeant

    Friends
    I read the "must do" tutorial on steps toward cleaning a system and took those steps. I am pasting below what I hope is a clean Hijackthis log just taken, preceded by a Belarc profile of the system in question. I appreciate your expert assessment.
    Zapp

    +++++++++++++++++++++++++++++++
    Computer Profile Summary
    Computer Name: Kickthedevil (in SMCC)
    Profile Date: Friday, February 04, 2005 11:47:25 AM
    Advisor Version: 6.1f
    Windows Logon: temp



    Operating System
    Windows 98 SE (build 4.10.2222)

    System Model
    No details available

    Processor
    500 megahertz AMD K6-2 w/3DNow!
    64 kilobyte primary memory cache
    512 kilobyte secondary memory cache

    Main Circuit Board
    Board: ASUSTeK Computer INC. P5A REV 1.XX
    Bus Clock: 100 megahertz
    BIOS: Award Software, Inc. 4.51PG 02/24/00

    Drives
    20.38 Gigabytes Usable Hard Drive Capacity
    16.98 Gigabytes Hard Drive Free Space
    CREATIVE CD5233E [CD-ROM drive]
    LITE-ON LTR-52327S [CD-ROM drive]
    Generic floppy disk drive (3.5")
    Generic IDE hard disk drive (20.38 GB) -- drive 0, No SMART Driver

    Memory Modules
    128 Megabytes Installed Memory
    Slot '0' has 64 MB
    Slot '1' has 64 MB
    Slot '2' is Empty
    Slot '3' is Empty

    Local Drive Volumes
    c: (on drive 0) 20.38 GB 16.98 GB free

    Network Drives
    None detected

    Users
    temp

    Printers
    HP DeskJet 930C Series on LPT1:

    Controllers
    Standard Floppy Disk Controller
    ALi M5229 PCI Bus Master IDE Controller
    Primary IDE controller (dual fifo)
    Secondary IDE controller (dual fifo)

    Display
    XPERT 98 (English) [Display adapter]
    Samsung S/M 753DF [Monitor] (15.7"vis, s/n HCCR218669, February 2001)

    Bus Adapters
    None detected

    Multimedia
    ESS Device Manager
    ESS Multi-Device Enumerator
    Gameport Joystick (no joystick connected)
    Maestro DOS Games/FM Devices
    Maestro MPU401 Devices
    Maestro Wave / WaveTable Synthesis Devices
    Wave Device for Voice Modem

    Communications
    ESS ES56T-PI Data Fax Voice Modem
    10/100Mbps PCI Fast Ethernet Adapter
    Network TeleSystems P.P.P.o.E. Adapter (NTSP3)
    Network Card MAC Address: 00:20:18:89:17:C4
    Network IP Address: 192.168.1.100 / 24

    Other Devices
    ESS Modem Device Manager
    Standard 101/102-Key or Microsoft Natural Keyboard

    Virus Protection
    No details available

    Installed Microsoft Hotfixes

    DataAccess
    Q318203 on 07/06/2003
    Q329414-21 on 07/06/2003
    Q329414-25 on 01/08/2004

    Internet Explorer
    SP1 (SP1)
    Q313829
    Q330994
    Q818529
    Q822925
    Q824145
    Q832894
    Q837009

    Win98.SE
    UPD238453
    UPD239887
    UPD256015
    UPD259728
    UPD273991
    UPDQ823559

    Win98
    UPD245729
    UPD323172
    UPD323255
    UPD329115
    UPD811630

    Windows Media Player
    WM320920.1
    WM817787
    WM819639




    Software Licenses

    Ahead - Nero Fast CD-Burning Plug-in 1502-4020-1175-0480-1085-2495
    Belarc - Advisor fbb78233
    Microsoft - Internet Explorer 55736-843-5123791-04082 (Key: R2D43-3DHG9-DQ79W-W3DXQ-929DY)
    Microsoft - MediaPlayer 53199-449-0946475-04279
    Microsoft - MediaPlayer 69808-451-6384932-04242
    Microsoft - Office 2000 SR-1 Professional 50083-005-9623906-02244
    Microsoft - Windows 98 SE 11901-OEM-0092811-72757 (Key: GY7YJ-B48MG-BCM4F-PC292-RC7GQ)

    Software Versions
    Adobe Acrobat Reader Version 5.0.5.0 *
    Adobe Acrobat Version 3.0.000 *
    Ahead Software AG Karlsbad Germany Phone: +49-7248-911-800 Fax: +49-7248-911-888 e-mail: info@nero.com - LANGUAGE_English2 Version 5, 5, 10, 54 *
    Ahead Software AG - InfoTool Application Version 1, 0, 3, 3 *
    Ahead Software AG - Nero CD Speed Application Version 1, 0, 2, 1 *
    ahead software gmbh, karlsbad - Cover Designer Version 2, 2, 1, 11 *
    ALWIL Software - avast! Antivirus Version 4, 5, 0, 0 *
    America Online, Inc. - AOL Instant Messenger (SM) Version 4.7.2480 *
    avast! Antivirus Version 4, 5, 0, 0 *
    Backup Exec Scheduler Version 1, 0, 0, 1 *
    Banner Blue Software Incorporated - Microsoft Organization Chart Version 2,0,0,1016 *
    Belarc, Inc. - BelManage Client Version 6.1f *
    blindman.exe *
    Broderbund Software - The Print Shop Version 6.0 *
    Brøderbund Software, Inc. - The Print Shop PressWriter 2.0 Version 2.0 *
    Brøderbund® Software - Electronic Registration (USA.WIN32) Version 1, 5, 0, 14 *
    CenturyTel - CTE DSL Cleanup Version 1.0.0.0 *
    Copy Old QV Data *
    Corel Corporation - Paradox for Windows Runtime Version 9.00.738 *
    Eastman Software, Inc., A Kodak Business - Imaging for Windows® Version 1.01.1311 *
    EnterNet 300 *
    Enternet Connection CenturyTel *
    Erik Deppe - DriveSpeed Version 1, 6, 1, 0 *
    Fadsoft.com - Another IE Popup Killer Version 2, 0, 0, 1 *
    Findex - QuickVerse 7.0 Version 7, 0, 0, 9 *
    Findex.com - Notes Backup Utility Version 1, 0, 0, 5 *
    Findex.com - QuickVerse CD Browser Version 1, 0, 0, 3 *
    Franklin Electronic Publishers, Inc. - eBookMan Desktop Manager Version 1.15 0412 *
    Franklin Electronic Publishers, Inc. - eBookMan Monitor Version 1.0 *
    Hewlett-Packard Co. - HP DeskJet A.03.01.03 *
    Hewlett-Packard Company - HP Printing System for Windows Version 1998.0227.1034 *
    InstallShield unInstaller Version 2.20.926.0 *
    InterMute Inc. - CWShredder Version 1.61 *
    InterMute, Inc. - SpySubtract Version 2.60 *
    Jordan Russell - Inno Setup Uninstaller Version 51.6.0.0 *
    Microsoft (R) Visual Studio Version 6.00.8424 *
    Microsoft (r) Windows Script Host Version 5.6.0.6626 *
    Microsoft Clip Gallery Version 5.2.01.0405 *
    Microsoft Corporation - DirectShow Version 6.4.07.1121 *
    Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 *
    Microsoft Corporation - Windows Installer Version 2.0.2600.2 *
    Microsoft Corporation - Windows Telephony Version 4.10.2000 *
    Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
    Microsoft imgstart Version 1, 0, 0, 1 *
    Microsoft Office 2000 Version 9.0.8216 *
    Microsoft Outlook Version 9.0.6604 *
    Microsoft Photo Editor Version 3.01.3 *
    Microsoft PowerPoint for Windows Version 9.0.6620 *
    Microsoft(R) Windows Media Player Version 9.00.00.2980 *
    Microsoft® Access Version 8.0.4122 *
    Microsoft® Access Version 9.0.6620 *
    Microsoft® Internet Services Version 6.1.33.0 *
    Microsoft® Query Version 9.00.4430 *
    Microsoft® Schedule+ for Windows 95(TM) Version 7.5 *
    MobiEbmSync.exe *
    Mobipocket.com webcomp Version 3,0,0,3113 *
    NewTech InfoSystems, Inc. - NTI Backup NOW! Deluxe for Windows Version 3, 0, 52, 0 *
    NewTech InfoSystems, Inc. - NTI Schdlr32 Version 3, 0, 50, 0 *
    One-Button Backup *
    One-Button Restore *
    Palm Computing, Inc. - Expense Report Application Version 3.1.0 *
    Palm Computing, Inc. - HotSync® Manager Version 3.1.0 *
    Palm Computing, Inc. - Install Tool Application Version 3.1.0 *
    Palm Computing, Inc. - Mail Setup Application Version 3.1.0 *
    Palm Desktop Version 3.1.0 *
    PCBA20A Application Version 1, 0, 0, 5 *
    PepiMK Software - SpyBot-S&D Version 1.2 *
    Seagate Backup Exec Desktop Version 1.0.0.1 *
    Seagate Software, Inc. - Microsoft Backup for Windows® 98 Version 1.0.0.1 *
    The Learning Company - CALENDAR CREATOR 5.01 Version 5, 0, 1, 0 *
    UAPA - SbCleanUp Version 1.00 *
    Update Old QV Resources Version 1.0.0.0 *
    Virtos GmbH - WaveEdit DLL Version 1, 0, 5, 0 *
    WinZip Version 8.1 (4319) *
    WinZip Version 8.1 (4331) *
    YAMAHA Ysta32 Version 3, 2, 3, 0 *

    --------------------------------------------------------------------------------



    Logfile of HijackThis v1.99.0
    Scan saved at 5:01:11 PM, on 02/04/2005
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Edit by chaslang: Unrequested, inline log deleted.
     
    Last edited by a moderator: Feb 4, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow guidelines about posting HJT logs. NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    No one asked you to post it and they must not be posted inline.

    You did not run all the steps in the READ ME FIRST. The Trend Micro online scan was not run. Was anything else skipped?

    Do you use this: C:\TEMP\AIEPK2.EXE (Another IE Popup Killer)?

    The below should be fixed using HJT.
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     
  3. zapp

    zapp Staff Sergeant

    Right, Trend Micro and avast scans both came up clean.
    Here is the new log: please check.


    Edit by chaslang: Inline log deleted!!! Please follow guidelines and do not post inline logs. They will always be deleted.
     
    Last edited by a moderator: Feb 4, 2005
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log was clean! Do you have any issues you are worried about?
     
