Solved

System Slow, Hijackthis log here, advise needed

Posted on 2004-08-23
Last Modified: 2012-06-27
Hello Experts,
Please review the HijackThis log below and advise whether my computer is infected with any viruses/trojans/spyware etc., and also what I need to do to make my computer faster and more secure.

Logfile of HijackThis v1.97.7
Scan saved at 11:18:49 AM, on 8/23/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\eScan\TRAYCSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\PROGRA~1\eScan\TRAYICOC.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\eScan\ESCANIPC.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nokia\PC Suite for Nokia 9210 Communicator\ConnectState.exe
C:\Program Files\Nokia\PC Suite for Nokia 9210 Communicator\ECTaskScheduler.exe
C:\WINDOWS\FSScrCtl.exe
C:\PROGRA~1\Nokia\PCSUIT~2\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~2\BROADC~1.EXE
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Plaxo\2.0.3.16\InstallStub.exe
C:\Documents and Settings\Monir.LAPTOP\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cell-data.it/quotazioni/paguk.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [ESCANIPC] C:\PROGRA~1\eScan\ESCANIPC.EXE
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.3.16\InstallStub.exe -a
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Nhstw32.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PC Suite for Nokia 9210 Communicator.lnk = C:\Program Files\Nokia\PC Suite for Nokia 9210 Communicator\ConnectState.exe
O4 - Global Startup: PC Suite for Nokia 9210 Communicator Task Scheduler.lnk = C:\Program Files\Nokia\PC Suite for Nokia 9210 Communicator\ECTaskScheduler.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38179.2909606481
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7ABFFAB-2EAC-4D36-ACD8-DDCF413895C9}: NameServer = 192.168.0.101,194.170.1.6

Thank you while waiting for a prompt response
Rgds
Ovais
Question by:MOvais_Khan
Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 11867970
Not sure about this

O4 - Startup: Nhstw32.exe

Other than that I do not see any harm

You should also scan for viruses using these
****
http://vil.nai.com/vil/stinger/

http://housecall.trendmicro.com/

http://security.symantec.com/
****

and spyware using these

*****
Spybot : www.softpedia.com/public/cat/10/17/10-17-21.shtml

Ad-Aware : http://download.com.com/3000-2094-10045910.html?legacy=cnet

CWshredder : http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
*******

To make your machine faster

a) Update your Windows with the latest updates and fixes by going to http://windowsupdate.microsoft.com

b) Check for unwanted starting services and disable them
http://www.blackviper.com/WinXP/servicecfg.htm

c) Run system defragmentation, Disk Cleanup and run CHKDSK /r

d) Try using this to check which one is consuming more usage
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

How to Break Down the System Process
http://support.microsoft.com/default.aspx?scid=kb;en-us;295714

e) Remove temporary internet files, folders and cookies
Also remove Windows Temp files by going to

1) Start --> Run --> type in: %systemroot%/temp
2) Start --> Run --> type in: %temp%

SR

Expert Comment

by:Kgenis
ID: 11874936
Another possible reason that your system is running slowly may be that you have little free space left.

Go to My Computer, right-click C:, then choose Properties and make sure the 'Free Space' isn't quite low, i.e. 100mb. If it's quite low, try cleaning temporary folders and checking your computer for programs, setups etc. that you no longer need.

If space is the problem you could also uninstall any non-used programs.

Also, the NHSTW32.EXE mentioned by sunray is part of a program called NetOp, which appears to be some form of remote access software. The exe running is the program's NT host application, from what I've read.

As to making your computer secure, all you need is a simple firewall, antivirus and spyware tools. I've compiled links to various tools.

http://www.sygate.com - Sygate Personal Firewall
http://www.zonelabs.com - Zone Labs produce various security programs including a firewall
http://www.safer-networking.org/en/index.html - Home of Spybot Search and destroy, this searches your system for spyware and other malicious programs.
http://www.mcafee.com - McAfee Virus Scanner
http://www.Avast.com - Avast virus scanner
Other popular brands of AV software can be found by googling the names: Norton, Trend-PC, AVK etc.
http://www.spywareblaster.net - Another spyware program; this one runs in the systray and protects your computer's vital settings, which any malware etc. is likely to change.

Also, to ensure system security, make sure you do as sunray said and get all the latest Microsoft Updates for your system. This helps to protect you against various defects and exploits. (Not that Microsoft isn't a giant defect or anything *cough*) You can access updates by clicking your Start button then choosing Windows Update, or by opening Internet Explorer and typing http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us into the URL field.

One last thing: following SunRay's advice about checking for any excess services and useless startup programs would be good, as many programs and services loading at boot will generally cause a system to be slow.

To do this, click Start, choose Run and type msconfig, then click the Startup tab to check which programs are starting up, then the Services tab to check those as well.

If you have any other questions don't hesitate to ask me.

Greetz.
Matt.
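
A small triage pass over the log format posted in the question, as an added example that is not part of the original thread: it parses HijackThis entry lines and lists the startup-folder items shown without a target path (the kind of entry both replies single out), the LSP fault the log itself reports, and the browser/network settings worth confirming. The sample lines are copied from the question's log; the function names and review reasons are assumptions of this example.

```python
import re

# Sample input: entry lines copied from the HijackThis log in the question.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cell-data.it/quotazioni/paguk.php
O4 - HKLM\..\Run: [ESCANIPC] C:\PROGRA~1\eScan\ESCANIPC.EXE
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Nhstw32.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7ABFFAB-2EAC-4D36-ACD8-DDCF413895C9}: NameServer = 192.168.0.101,194.170.1.6
"""

# An entry line is "<section code> - <body>", e.g. "O4 - Startup: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Startup-folder items: "Startup: name" optionally followed by " = target".
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?)(?: = (?P<target>.+))?$")

NO_TARGET = "startup-folder entry with no target path shown"
LSP_FAULT = "Winsock LSP chain reported broken"
CONFIRM = "browser/network setting to confirm with the user"


def parse(log):
    """Return (code, body) for each entry line; header and process list are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m["code"], m["body"].strip()) for m in matches if m]


def triage(log):
    """Return (reason, line) pairs a reviewer should check by hand."""
    notes = []
    for code, body in parse(log):
        line = f"{code} - {body}"
        if code == "O4":
            m = STARTUP.match(body)
            # Bare file name, or a shortcut whose target is printed as "?"
            if m and m["target"] in (None, "?"):
                notes.append((NO_TARGET, line))
        elif code == "O10":
            notes.append((LSP_FAULT, line))
        elif code in ("R0", "R1", "O17"):
            notes.append((CONFIRM, line))
    return notes


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```
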