[Resident_Blonde]

Heres my log hun.. Sorry, had to download new version

Logfile of HijackThis v1.99.1
Scan saved at 10:14:44 PM, on 8/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ESET\NOD32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\MY DOCUMENTS\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\HP PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

[Advertisements]

Hiya

Ok, il have a look and get back to you asap

UKBiker

[ukbiker]

Hiya

Ok, il have a look and get back to you asap

UKBiker

[Resident_Blonde]

Okey Dokey

[Resident_Blonde]

I just think its weird Jock that if it is correct when I did the "file" seach on WIN386.SWP, it states that it was downloaded on 8/19/05 9:23 P.M. and the size of file is 102,4...

I dont know, but something got downloaded, cause when I was looking for that site for mom, that download box came up, started on its own, and then there was this little box down the whole search page over all the topics it found.

I could not get rid of that box, then after I did a check with NOD32, and went back online and did a (john doe) search, then the box was not there.

But also, what would make WIN386.SWP lock to where when checking for viruses, it locks the scrolling.

I dont know, but if you dont find anything, thing I'm going to be buggerd

[ukbiker]

Hiya Staci

well your log looks clean to me, but ill get a second opinion on it. Have a look and see if any other files were created at the same time as the swap file was altered.

Jock

[Resident_Blonde]

Ok, I'll check that out.... If I know how to by date...

[Resident_Blonde]

Ok... I can do it... lol

[Resident_Blonde]

Jock, the only one that shows up is in the "modified" catagory and that is of the WIN386.SWP program

[ukbiker]

Ok Staci, can you please do the following,

clean out all your temp files , then rerun nod (in safe mode if you can) and tell me what it finds.

Jock

[Resident_Blonde]

And how long are you going to be here

Ok hun... I'll be right back as soon as it is done... Thanks so much (((hugs)))

[ukbiker]

Hi staci

dont fret, either me or John will look after you. OK?

Jock

[Resident_Blonde]

Me Fret?!?!?!?!?! lol

Naaaaaaa, not when my puter is dated 1997 lol

Ok, here is what happend:

Safe Mode, NOD = A fatal exception OC occurred at F000:0000E2A5. The current app. will be terminated.

Pressed any key to continue and got a blk screen but the clock showed

Ctrl Alt Delete

System is busy screen = Froze

Shut down @ tower and rebooted in safe mode, nod no longer on desktop, found in programs, and screen froze again.

So I take it that I cant do it in safe mode lol

[ukbiker]

Ok, brb

[Resident_Blonde]

I dont know hun, but wouldnt it bug you if you saw a download box come up and automaticly download something on its own?

Sorry, but frett'n

I looked on the internet about this WIN386.SWP, and read up on what I found from a site, and stated that it is some storage thingy.

"cant remember exactly what it said" But I do remember that it stated that you may want to have it saved into a certain place, cause if it gets full, it can cause your system to slow down.

But I am going to go bonkers till I find out what downloaded in less than a sec.

[ukbiker]

Hi again staci

I cant find anything that refers to malware infecting the swap file, and your log is clean, i would suggest that you run spybot but make sure it is up to date, also, just to be sure, do an online scan, try the panda activescan, but it takes a while.

Panda ActiveScan<<<Accept default settings, save and post the log

I will look in later and check up for you.

Jock