re: Cannot find the file Thursday, October 6, 2005 at 12:55 am Windows 98 Annoyances Discussion Forum Posted by Geoff (9 messages posted) Thanks Carol J I have carried out the steps you suggested - I think I got them all. I ran HJT & the logfile appears below: Logfile of HijackThis v1.99.1 Scan saved at 8:54:26 PM, on 10/6/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\NEWMIXER.EXE C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\WINDOWS\SYSTEM\NVATRAY.EXE C:\WINDOWS\SYSTEM\FPPDIS2A.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xtra.co.nz/search/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xtra R3 - Default URLSearchHook is missing N2 - Netscape 6: user_pref("browser.startup.homepage", "https://webmail.clear.net.nz/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\r4ak1be2.slt\prefs.js) N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\r4ak1be2.slt\prefs.js) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [C-Media Mixer] C:\WINDOWS\NewMixer.exe /startup O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe" O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\SYSTEM\fppdis2a.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - Startup: Diary.pif = C:\UTIL\DIARY.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4592/mcfscan.cab On Tuesday, October 4, 2005 at 5:57 pm, Carol J wrote: > >You have quite a bit there still, but I normally have users run spyware scans first. >Maybe you already have/had? Let me know, because you should after fixing these. I >didn't think, you'd have all this on your system. > >Check in Add/Remove programs for this MyWebSearch and Starware toolbar. Remove them, >if listed... >Adware.Starware: >http://securityresponse.symantec.com/avcenter/venc/data/adware.starware.html > >MyWebSearch: >http://www.doxdesk.com/parasite/MySearch.html > >Disconnect from the net. Close all open windows, then run HJT. Choose Fix checked. >Reboot. > >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet >Explorer provided by Xtra >R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM >FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL >O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL >O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL >O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} >- C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL >O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLL >O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE >O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE >O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE >O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE >O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE >O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\SYSTEM\MetaProducts\Add_Url.htm >O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYNZ > >{This ActiveX Object is from this malicious website: Screensavers.com}: >O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab > >{Fun Web Products (Smiley Central) = malware}: >O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/ >MyFunCardsFWBInitialSetup1.0.0.8.cab > >Delete this folder: >C:\Program Files\MyWebSearch > >Optional: These can be started as you use them. I'd get rid of the Norton programs >completely. Anti-crash programs should be avoided. They often cause the very problem, >they're s'posed to prevent. > >O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.EXE" >O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER >O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe" >O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE >O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE >O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE > > > >color="003399">Dealing with Unwanted Spyware and Parasites Written in response to: re: Cannot find the file (Ms. Eagle: Tuesday, October 4, 2005 at 5:57 pm) Responses to this message: re: Cannot find the file (Ms. Eagle: Thursday, October 6, 2005 at 12:20 pm) All messages in this thread [show all] Cannot find the file (Geoff: Sun, Oct 2, 2005, 1:11 am) re: Cannot find the file (Donkey Fly: Sun, Oct 2, 2005, 1:57 pm) re: Cannot find the file (KeithT: Sun, Oct 2, 2005, 4:15 pm) re: Cannot find the file (Geoff: Sun, Oct 2, 2005, 2:47 pm) re: Cannot find the file (KeithT: Sun, Oct 2, 2005, 4:18 pm) re: Cannot find the file (Ms. Eagle: Sun, Oct 2, 2005, 5:49 pm) re: Cannot find the file (Ms. Eagle: Sun, Oct 2, 2005, 6:56 pm) re: Cannot find the file (Ms. Eagle: Sun, Oct 2, 2005, 7:01 pm) re: Cannot find the file (Geoff: Mon, Oct 3, 2005, 5:19 pm) re: Cannot find the file (gewg_: Mon, Oct 3, 2005, 5:34 pm) re: Cannot find the file (Ms. Eagle: Mon, Oct 3, 2005, 5:42 pm) re: Cannot find the file (Geoff: Tue, Oct 4, 2005, 1:26 am) re: Cannot find the file (Ms. Eagle: Tue, Oct 4, 2005, 5:57 pm) re: Cannot find the file (Geoff: Thu, Oct 6, 2005, 12:55 am) re: Cannot find the file (Ms. Eagle: Thu, Oct 6, 2005, 12:20 pm) re: Cannot find the file (Geoff: Fri, Oct 7, 2005, 1:19 am) re: Cannot find the file (Ms. Eagle: Fri, Oct 7, 2005, 7:28 pm) re: Cannot find the file (Geoff: Sat, Oct 8, 2005, 2:39 pm) re: Cannot find the file (Ms. Eagle: Fri, Oct 14, 2005, 6:00 pm) re: Cannot find the file (Ms. Eagle: Mon, Oct 3, 2005, 5:35 pm) re: Cannot find the file (mick: Mon, Oct 3, 2005, 3:50 am) re: Cannot find the file (mick: Mon, Oct 3, 2005, 4:01 am) re: Cannot find the file (Ms. Eagle: Mon, Oct 3, 2005, 12:05 pm) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows 98 Discussion Forum