HJT log [RESOLVED]


  • This topic is locked

#1
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • 558 posts
Here's my log, hun... Sorry, had to download new version

Logfile of HijackThis v1.99.1
Scan saved at 10:14:44 PM, on 8/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ESET\NOD32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\MY DOCUMENTS\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\HP PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0



#2
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

Ok, I'll have a look and get back to you asap

UKBiker
  • 0

#3
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Okey Dokey :tazz:
  • 0

#4
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
I just think it's weird, Jock, that if it is correct when I did the "file" search on WIN386.SWP, it states that it was downloaded on 8/19/05 9:23 P.M. and the size of file is 102,4...

I don't know, but something got downloaded, cause when I was looking for that site for mom, that download box came up, started on its own, and then there was this little box down the whole search page over all the topics it found.

I could not get rid of that box, then after I did a check with NOD32, and went back online and did a (john doe) search, then the box was not there.

But also, what would make WIN386.SWP lock to where when checking for viruses, it locks the scrolling?

I don't know, but if you don't find anything, think I'm going to be buggered :) :tazz: :) :ph34r: :)



:ph34r:
  • 0

#5
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya Staci

Well, your log looks clean to me, but I'll get a second opinion on it. Have a look and see if any other files were created at the same time as the swap file was altered.

Jock
  • 0
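
The check requested in post #5, listing files whose timestamps fall close to the swap file's, as an added example (not part of the original thread). It compares modification times; the function names, the 10-minute window and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime


def files_changed_near(root, reference, window_minutes=10):
    """Return (path, mtime, delta_seconds) for every file under root whose
    modification time is within window_minutes of the reference file's."""
    ref_path = os.path.abspath(reference)
    ref_mtime = os.stat(ref_path).st_mtime
    window = window_minutes * 60
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.abspath(os.path.join(dirpath, name))
            if path == ref_path:
                continue  # the reference file itself is not a finding
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # locked or vanished file: skip instead of aborting
            delta = mtime - ref_mtime
            if abs(delta) <= window:
                hits.append((path, datetime.fromtimestamp(mtime), round(delta)))
    # Closest in time first, since those are the most interesting to review.
    return sorted(hits, key=lambda h: abs(h[2]))


def demo():
    """Build a constructed sample tree and return (file name, seconds offset)
    for the files that changed close to the sample swap file."""
    with tempfile.TemporaryDirectory() as root:
        base = datetime(2005, 8, 19, 21, 23).timestamp()  # constructed time
        # Constructed sample files: name -> offset in seconds from the swap file.
        samples = {"WIN386.SWP": 0, "dropped.tmp": 45,
                   "old.doc": -86400, "later.log": 3600}
        for name, offset in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as handle:
                handle.write("x")
            os.utime(path, (base + offset, base + offset))
        hits = files_changed_near(root, os.path.join(root, "WIN386.SWP"))
        return [(os.path.basename(p), d) for p, _when, d in hits]


if __name__ == "__main__":
    for name, delta in demo():
        print(f"{name}: {delta:+d} s relative to the swap file")
```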

#6
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Ok, I'll check that out.... :tazz: If I know how to by date... :)
  • 0

#7
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Ok... I can do it... lol
  • 0

#8
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Jock, the only one that shows up is in the "modified" category and that is of the WIN386.SWP program
  • 0

#9
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Ok Staci, can you please do the following:

Clean out all your temp files, then rerun nod (in safe mode if you can) and tell me what it finds.

Jock
  • 0

#10
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
And how long are you going to be here :tazz:

Ok hun... I'll be right back as soon as it is done... :) Thanks so much (((hugs)))



:)
  • 0



#11
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi Staci

Don't fret, either me or John will look after you. OK?

Jock
  • 0

#12
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Me Fret?!?!?!?!?! :) lol

Naaaaaaa, not when my puter is dated 1997 :) lol

Ok, here is what happened:

Safe Mode, NOD = A fatal exception OC occurred at F000:0000E2A5. The current app. will be terminated.

Pressed any key to continue and got a blk screen but the clock showed

Ctrl Alt Delete

System is busy screen = Froze

Shut down @ tower and rebooted in safe mode, nod no longer on desktop, found in programs, and screen froze again.

So I take it that I can't do it in safe mode :tazz: lol



:)
  • 0

#13
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Ok, brb
  • 0

#14
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
I don't know, hun, but wouldn't it bug you if you saw a download box come up and automatically download something on its own?

Sorry, but frett'n

I looked on the internet about this WIN386.SWP, and read up on what I found from a site, and stated that it is some storage thingy.

"can't remember exactly what it said" But I do remember that it stated that you may want to have it saved into a certain place, cause if it gets full, it can cause your system to slow down.

But I am going to go bonkers till I find out what downloaded in less than a sec. :tazz:
  • 0

#15
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi again Staci

I can't find anything that refers to malware infecting the swap file, and your log is clean. I would suggest that you run Spybot, but make sure it is up to date. Also, just to be sure, do an online scan; try the Panda ActiveScan, but it takes a while.

Panda ActiveScan <<< Accept default settings, save and post the log

I will look in later and check up for you.

Jock
  • 0





