re: lexplore Sunday, March 21, 2004 at 3:05 am Windows 98 Annoyances Discussion Forum Posted by lina (209 messages posted) Hi, Carol, That's gone a long correspondence, init? :} Thanks for being willing to help me. I tried deleting the files in Windows/Temp today and this one I am denied access to today. ~dff776.tmp Otherwise, he is the saved log from Hijack as well as the startup list: Logfile of HijackThis v1.97.7 Scan saved at 11:14:51, on 21/03/04 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\F-PROT ANTIVIRUS\F-STOPW.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [F-STOPW.EXE] "C:\Program Files\F-Prot Antivirus\F-STOPW.EXE" O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: ICQ Lite (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O11 - Options group: [TB] Toolbar O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab and StartupList report, 21/03/04, 11:15:24 StartupList version: 1.52 Started from : C:\PROGRAM FILES\HIJACKTHIS.EXE Detected: Windows 98 Gold (Win9x 4.10.1998) Detected: Internet Explorer v4.72 SP1 (4.72.3110.0000) * Using default options ================================================== Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\F-PROT ANTIVIRUS\F-STOPW.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\HIJACKTHIS.EXE -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SystemTray = SysTray.Exe F-STOPW.EXE = "C:\Program Files\F-Prot Antivirus\F-STOPW.EXE" -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=Explorer.exe SCRNSAVE.EXE= drivers=mmsystem.dll power.drv -------------------------------------------------- C:\WINDOWS\WININIT.BAK listing: (Created 20/3/2004, 18:24:20) [Rename] NUL=c:\windows\cookies\pc-user@ehg-autotrader_hitbox(1).txt NUL=c:\windows\cookies\pc-user@valueclick.txt NUL=c:\windows\cookies\pc-user@adviva(1).txt NUL=c:\windows\cookies\pc-user@overture(1).txt NUL=c:\windows\cookies\pc-user@doubleclick(1).txt NUL=c:\windows\cookies\pc-user@hitbox.txt NUL=c:\windows\cookies\pc-user@bluestreak.txt NUL=c:\windows\cookies\pc-user@atdmt(1).txt -------------------------------------------------- C:\AUTOEXEC.BAT listing: mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi) mode con codepage select=850 keyb uk,,C:\WINDOWS\COMMAND\keyboard.sys -------------------------------------------------- Enumerating Task Scheduler jobs: Tune-up Application Start.job -------------------------------------------------- Enumerating Download Program Files: [AvxScanOnline Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL -------------------------------------------------- End of report, 3,001 bytes Report generated in 1.317 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Please, do tell me how to search the Registry editor properly. I had done through the Find button before. It's a pity I can't run no online scan, cause you said that lexplore is a worm and can be removed by them. Shall try downloading a worm removing program? Carol, I am surprised and you will be, I checked - I have IE 4.0! My connection is a dial-up and it's not extremely fast but it's quite good when downloading programs. Good morning! lina Written in response to: re: lexplore (Ms. Eagle: Saturday, March 20, 2004 at 4:18 pm) Responses to this message: re: lexplore (Ms. Eagle: Sunday, March 21, 2004 at 12:20 pm) All messages in this thread [show all] CW-Shredder help, please? (lina: Sun, Mar 14, 2004, 1:49 pm) re: CW-Shredder help, please? (Ms. Eagle: Sun, Mar 14, 2004, 2:07 pm) re: CW-Shredder help, please? (triplate: Sun, Mar 14, 2004, 6:57 pm) re: CW-Shredder help, please? (Ms. Eagle: Sun, Mar 14, 2004, 7:23 pm) re: CW-Shredder help, please? (lina: Wed, Mar 17, 2004, 7:43 am) re: CW-Shredder help, please? (Ms. Eagle: Wed, Mar 17, 2004, 11:50 am) re: CW-Shredder help, please? (lina: Wed, Mar 17, 2004, 1:45 pm) re: CW-Shredder help, please? (Ms. Eagle: Wed, Mar 17, 2004, 2:29 pm) re: CW-Shredder help, please? (lina: Thu, Mar 18, 2004, 9:09 am) re: CW-Shredder help, please? (lina: Thu, Mar 18, 2004, 9:58 am) re: CW-Shredder help, please? (Ms. Eagle: Thu, Mar 18, 2004, 11:10 am) re: CW-Shredder help, please? (lina: Thu, Mar 18, 2004, 5:53 pm) re: CW-Shredder help, please? (Ms. Eagle: Thu, Mar 18, 2004, 6:38 pm) re: CW-Shredder help, please? (lina: Fri, Mar 19, 2004, 8:48 am) it's all ok now! (lina: Fri, Mar 19, 2004, 10:36 am) re: it's all ok now! (Ms. Eagle: Fri, Mar 19, 2004, 12:38 pm) lexplore (lina: Sat, Mar 20, 2004, 3:26 am) re: lexplore (Ms. Eagle: Sat, Mar 20, 2004, 1:52 pm) re: lexplore (lina: Sat, Mar 20, 2004, 3:44 pm) re: lexplore (Ms. Eagle: Sat, Mar 20, 2004, 4:18 pm) re: lexplore (lina: Sun, Mar 21, 2004, 3:05 am) re: lexplore (Ms. Eagle: Sun, Mar 21, 2004, 12:20 pm) re: lexplore (Ms. Eagle: Sat, Mar 20, 2004, 6:27 pm) found it! (lina: Sun, Mar 21, 2004, 2:30 pm) re: found it! (Ms. Eagle: Sun, Mar 21, 2004, 5:33 pm) lexplore (lina: Mon, Mar 22, 2004, 8:18 am) lexplore (lina: Mon, Mar 22, 2004, 8:39 am) re: lexplore (Ms. Eagle: Mon, Mar 22, 2004, 1:34 pm) re: lexplore (lina: Tue, Mar 23, 2004, 8:19 am) re: lexplore (Ms. Eagle: Tue, Mar 23, 2004, 10:55 am) re: lexplore (Ms. Eagle: Mon, Mar 22, 2004, 11:31 pm) re: CW-Shredder help, please? (Ms. Eagle: Sun, Mar 14, 2004, 10:44 pm) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows 98 Discussion Forum