
HJT log [RESOLVED]


  • This topic is locked

#16
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Panda Scan? Why would I go outside of my Antivirus program?

But I will do a full Malware scan and then paste what it found and also do another NOD scan.

Thanks for helping me out... But have you ever heard of something like this happening? "the auto download"
  • 0



#17
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi Staci

NOD is a great AV app, but it can be very useful to use the online scans like Panda as a double check.

Regarding the auto download, it's known in the trade as a "drive by", and used to be common, tho the patches from MS have sorted most of the routes for it to infect. The main thing is that your HJT log showed no signs of an infection, and drive bys DO leave their marks all over an HJT log.

Can you post a new HJT log for me now? I want to see if anything has changed.

Jock
  • 0

#18
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Here ya go hun...



Logfile of HijackThis v1.99.1
Scan saved at 11:39:31 PM, on 8/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\MY DOCUMENTS\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\HP PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0
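
A helper reading a log like the one above works through it section by section. The sketch below is an added example, not part of the original thread and not HijackThis's own code: it splits a log into running processes and R/O sections, lists the O4 autoruns, and notes entries marked "(file missing)" or O16 entries with no download source. The sample log is constructed from a few lines of the post; the last CLSID and URL are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above (last CLSID/URL are placeholders).
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Constructed Control) - http://downloads.example.invalid/control.cab
'''

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
DPF = re.compile(r"^DPF: (\{[^}]+\})(?: \((.*?)\))? -\s*(.*)$")
RUN = re.compile(r"^(\S+): \[([^\]]+)\] (.+)$")          # key: [name] command

def parse_hjt(text):
    """Return (running_processes, {section_code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def autoruns(entries):
    """O4 registry autoruns as (registry key, value name, command line)."""
    return [m.groups() for m in map(RUN.match, entries.get("O4", [])) if m]

def review_notes(entries):
    """Entries a reviewer would look at twice; a note is not a verdict."""
    notes = []
    for item in entries.get("O2", []):
        if item.endswith("(file missing)"):
            notes.append(("O2", "referenced file not found on disk", item))
    for m in filter(None, map(DPF.match, entries.get("O16", []))):
        if not m.group(3):
            notes.append(("O16", "no download source recorded", m.group(1)))
    return notes
```
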

#19
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya :)

Well, that log is still clean :tazz: . Just to make sure though, could you please post the results from the online scan that I asked for earlier.

UKBiker
  • 0

#20
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
:tazz: Sorry hun...

I have been so busy this weekend, on Friday ran to Fort Wayne to my sister-in-law's, then on Saturday and Sunday I picked green beans and tomatoes, and canned them yesterday and today.

Still have a bag full of beans still yet waiting to be canned. But I will get on it tomorrow.

Sorry, just running in circles on weekends...

Chat with ya tomorrow :) And thanks!



:wub
  • 0

#21
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Hey Biker :)

Well, I did the scan "It only took FOREVER!" :tazz: LOL But it kept coming up about something of Microsoft Outlook. But did not know what it was actually wanting me to do. dunno. Something about it not being filed right or something...

But it stated that I was clean.

So I guess that the "drive by" did not do any harm heh?



Scan finished
Personal Folders\Tasks\Welcome to Tasks!

Scan report
                   Detected   Disinfected
Virus              0          0
Spyware            0          0
Hacking Tools      0          0
Dialers            0          0
Security Risks     0          0
Suspicious files   0          0
  • 0

#22
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya Staci :tazz:

Great, looks like you are OK. Given that you were on AOL at the time, and you have their coach and check up apps running, I think it was probably AOL doing something AOL ish that you noticed, certainly there is no sign of malware. Let me have a think about some apps to improve your security, tho it's pretty good with NOD as it is.

Regarding the Access problems you mentioned to me, are you able to access any other secure sites?

UKBiker
  • 0

#23
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
THANKS :)

"and you have their coach and check up apps running,"


I did not know that these are actually running :tazz: Is it something that has to be running you think?

"Regarding the Access problems you mentioned to me, are you able to access any other secure sites?"


Yeah, other than Cinergy.com... I can get to the home page, but no further :) I just don't understand and can't figure it out.

What comes to your mind?





:)
  • 0

#24
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi staci :)



Congratulations, your log is clean :tazz: :) :)

So now that your PC is clean, how do you keep it that way?

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:

Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Glad to have been of help

UKBiker
  • 0
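
The HOSTS-file blocking described in the post above can be checked mechanically. This is an added example, not part of the original thread or of the MVPS project: it parses a hosts file, collects the names pointed at the local computer (blocked), and separately reports names mapped to any other address, which a blocking list never needs. The sample file, hostnames and the 203.0.113.7 address are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file; all names and the non-loopback address are placeholders.
SAMPLE_HOSTS = """\
# blocking entries in the style described above
127.0.0.1  localhost
127.0.0.1  ads.example.invalid banners.example.invalid  # two names, one line
203.0.113.7  www.shop.example.invalid
not-an-address  broken.example.invalid
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower()

def classify(text):
    """Return (blocked names, {name: address} for non-loopback mappings)."""
    blocked, redirected = set(), {}
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue  # the standard entry, not a block
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line: the resolver ignores it too
        if ip.is_loopback:
            blocked.add(name)  # connection attempts go to the local computer
        else:
            redirected[name] = addr  # points somewhere else: worth a look
    return blocked, redirected

def is_blocked(hostname, text):
    """True if the hosts file sends this hostname to the loopback address."""
    return hostname.lower() in classify(text)[0]
```
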

#25
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
Hi again Biker :tazz:


Ok, I have:

CW Shredder
Spyware Blaster
Spybot Search and Destroy
Ad-Aware
CCleaner
RegSeeker
NOD32
ZA

My puter is a 1997, and adding more would probably send me to the over priced puter place to buy a new puter :)

You listed 3 that I don't have... And worried about my space and I have my website program and construction site on my puter... I don't know how much more protection I can add...

Ok, worries... And also, I don't use IE... My browser is AOL...


And I so much appreciate your help hun :) TY!



:)
  • 0



#26
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

AOL browser is IE rebadged, same weaknesses and vulnerabilities, just stick with getting spywareblaster and spywareguard. Both are small and good.

UKBiker
  • 0

#27
Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Topic Starter
  • Member
  • 558 posts
OK (sighs) I'll add Spyguard (kicks foot along floor and pouts)


:)





:tazz:
  • 0

#28
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





