|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
09-27-2004, 09:39 AM
|
#1 (permalink) |
|
Registered User
Join Date: Sep 2004
Posts: 6
OS: Win98SE
|
HiJack Help Please
I found this forum last week after a computer crash resulting in having to reinstall Windows 98 SE. I have read lots of posts and so far have downloaded and installed: Adaware, Spybot S&D, Spyware Blaster, CWShredder and Spyware Guard I have run the RAV Antivirus scan and the TrendMicro scan. I have, of course, emptied out caches and temp.files and recycle bin. I still receive this message after cleaning up infected stuff:
DSO Exploit Data source object exploit HKEY_USERS\DEFAULT\Software\Microsoft\Windows\Current Version\Internet Settings\Zones\0\100 (I did clean up corrupt files but did not do anything with this because I do not know anything about registry changes except not to mess with them.) I installed and ran HiJack this and this is the log: I would certainly be grateful for any help. Thanks so much. Logfile of HijackThis v1.98.2 Scan saved at 8:16:31 AM, on 9/27/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\CSAFE\AUTOCHK.EXE C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE C:\PROGRAM FILES\EASY CD CREATOR\DIRECTCD.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\PROGRAM FILES\COMMON FILES\KODAK\KODAK_DR\KODAKCCS.EXE C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\CATROOT\SPYWAREGUARD\SGMAIN.EXE C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE C:\WINDOWS\CATROOT\SPYWAREGUARD\SGBHP.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLWBSPD.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\CATROOT\HIJACKTHIS.EXE N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\d5m3zpu7.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\WINDOWS\CATROOT\SPYWAREGUARD\DLPROTECT.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\Easy CD Creator\DIRECTCD.EXE O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - Startup: SpywareGuard.lnk = C:\WINDOWS\CATROOT\SpywareGuard\sgmain.exe O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Startup: PowerReg SchedulerV2.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net Last edited by can't compute : 09-27-2004 at 09:41 AM. Reason: "install Windows 98" should read reinstall Windows 98 |
|
     
|
|
09-28-2004, 06:56 AM
|
#3 (permalink) |
|
Analyst, Security Team
|
Nothing looks wrong in the log here. Are you having any problems or just getting that DSO exploit message?
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
09-28-2004, 09:34 AM
|
#4 (permalink) |
|
Registered User
Join Date: Sep 2004
Posts: 6
OS: Win98SE
|
Minor problems
Well, pages take longer than normal to load. And the computer "hangs" or "stalls" at sign-on and when closing down. And it had not done that before. I didn't know if that message related to these things or not. I know very little about computers. Thanks for checking the log. It makes me feel a bit better to know that things look ok.
|
|
|
|
|
| Thread Tools | |
|
|
