943,931 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Two HJT's for review after fresh install, no problems, no hurry
Ad:
Permalink
Sep 5th, 2004
0

Two HJT's for review after fresh install, no problems, no hurry

Expand Post »
Computer Make: Great Quality (yes, that's what it's really called)
Model: GQ3091
AMD Duron 1.6GHz CPU
384 MB RAM; 40GB HDD

I've just completed a fresh install of Win98SE & WinXP Pro (dual boot). Had a few buggers get in some how during the process but I believe I'm clean now. I've got an HJT log from each OS which I'll post separately, here's the one from Windows 98SE:

Logfile of HijackThis v1.98.2
Scan saved at 2:05:38 AM, on 9/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TOOL KIT\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
Similar Threads
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Sep 5th, 2004
0

Re: Two HJT's after fresh install, no problems, no hurry

Here's the one from Windows XP Pro (with SP2):

Logfile of HijackThis v1.98.2
Scan saved at 2:25:56 AM, on 9/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\pctspk.exe
E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
E:\Documents and Settings\Hammy\Desktop\Tool Kit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ShortKeys 2.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

Thanks!
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Sep 5th, 2004
0

Re: Two HJT's for review after fresh install, no problems, no hurry

Looking good to me. As for how the bugs got in, you do know there are a lot of bugs that spread now through your network connection? In other words, you never get asked to install anything, it just happens, only thing required is a connection to the internet.

That could be how you got infected, on a small ISP you'll be scanned within 20 minutes or even less now, on average. On a large ISP, you'll be hit within seconds of connecting. So, you could be infected before you even have a chance to download the latest Windows Updates which could protect you.

I'd suggest a good firewall if you aren't running one now. (Hardware like you get with a router would be preferable, but even Zonealarm's software firewall will provide strong protection, (http://www.zonelabs.com) ).

Take care now.
Reputation Points: 15
Solved Threads: 6
Unverified User
DuncanIdaho is offline Offline
277 posts
since Aug 2004
Permalink
Sep 5th, 2004
0

Re: Two HJT's for review after fresh install, no problems, no hurry

Just realized that PCCPFW.EXE is probably a firewall from PC-Cillin, so all told, you should be all set. :o
Reputation Points: 15
Solved Threads: 6
Unverified User
DuncanIdaho is offline Offline
277 posts
since Aug 2004
Permalink
Sep 6th, 2004
0

Re: Two HJT's for review after fresh install, no problems, no hurry

I also have an SMC Barricade router that has a built-in firewall and on the XP partition, the XP firewall, so I think I'm about as protected as I can get. I thought the logs looked okay, just wanted another opinion. Thanks!
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Sep 6th, 2004
0

Re: Two HJT's for review after fresh install, no problems, no hurry

red.clients needs to go.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004
Permalink
Sep 7th, 2004
0

Re: Two HJT's for review after fresh install, no problems, no hurry

Thanks Crunchie, does it need to be in Safe Mode do you think, or does it matter?
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Sep 7th, 2004
0

Re: Two HJT's for review after fresh install, no problems, no hurry

Normal mode will kill it ok .
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Please Help Me Get Rid Of Spyware
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Please Help A Newbie with homepage hijacking





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC