Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HJT Log [RESOLVED]

Started by irish_eyes , Aug 13 2005 02:49 AM

  • This topic is locked This topic is locked

#16
Rawe
Posted 13 August 2005 - 04:15 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Well, Aurora is still there.

One important thing I noticed though.. This will need to be done before doing further cleaning;

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh HijackThis log.

Do NOT install Service Pack 2 yet!

- Rawe :tazz:
  • 0

Advertisements

#17
irish_eyes
Posted 13 August 2005 - 07:28 PM

irish_eyes

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 141 posts
OH MY GOD!!! Such drama with this computer!

While I was installing the XP SP1 I lost power (happens alot here in the summer). When I rebooted the computer wouldn't boot completely and was just shutting itself off and going back on. I couldn't get it to even boot all the way no matter what I did. So, I ended up wiping out everything and rebooting from my installation disks. I lost some documents, and other nonsense but most of my case files for work are on disk so nothing important was lost.

I have only installed my ISP stuff, modem, and V-scan so the Aurora problem shouldn't be there any more.
Should I install the SP2 now? I have heard nothing but bad things about it, and I am not sure it's a good thing. The Microsoft Message boards were fraught with complaints of system crashes, pages hanging, non responsive systems, etc. What is your opinion.
However, I did another HJT scan. Here is the log. I'm guessing everything is alright now?

Logfile of HijackThis v1.99.1
Scan saved at 8:23:42 PM, on 8/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kate\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcwebtool...&Name=Buttonwww
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcwebtool...&Name=Buttonwww
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: e-DiagTools LAN Configuration Agent (edtlancfg) - Hewlett-Packard - C:\Program Files\HP\e-DiagTools\edtsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

Edited by irish_eyes, 13 August 2005 - 09:30 PM.

  • 0

#18
Rawe
Posted 14 August 2005 - 06:26 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Yes, that's clean now..

Install Sp2 immediately..

Here's some tips for future to prevent spyware (I guess you aren't having any problems at the moment?);


Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Visit;
http://www.windowsupdate.com to get Service Pack 2 and any other critical updates.

- Rawe :tazz:
  • 0

#19
irish_eyes
Posted 14 August 2005 - 02:46 PM

irish_eyes

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 141 posts
I'm in the process of downloading all the things you indicated. Do I need ALL of them or is it a pick one from the category type of thing?

Thank you so much for your patience and tolerance during this whole thing. I always thought I was pretty computer savvy until I had a problem. You guys provide a valuable and priceless service to all of us who can't fix things ourselves without crashing the whole system.

:tazz:
  • 0

#20
Rawe
Posted 14 August 2005 - 02:54 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Install Service Pack2.. If you DON'T have Firewall, it is really recommended. You shouldn't be without an Firewall. Same applies for Anti-virus. I would suggest you to change from IE to Firefox -- many reasons for that. Take a look at the "Internet & browsers" forum. If you decide to use IE.. Install atleast the Google toolbar. If I were you, I would install SpywareBlaster, no matter what. It's incredibly amazing software. Free-- Small (won't take resources much). Really easy to use + you don't need to worry about it at all. Just launch it from time to time, about once in a week.. Update and enable all protection. Close it. And that's it.. It will protect your system anyway.

Hope this clears up a bit. ;)

- Rawe :tazz:
  • 0

#21
irish_eyes
Posted 14 August 2005 - 03:09 PM

irish_eyes

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 141 posts
OK - got it. Am getting the SP2 now - may take forever. Then I'll go back and get the rest. I already got spywareblaster and spybot. I will try firefox, then if I really hate it - I'll get the google tool bar.

Thanks again. I'll stop bugging you now.
  • 0

#22
Rawe
Posted 15 August 2005 - 03:15 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP