re: Hijackthis log Wednesday, March 31, 2004 at 11:33 pm Windows Me Annoyances Discussion Forum Posted by Levis (6 messages posted) This is the Hijackthis log I got from the scan. Logfile of HijackThis v1.97.7 Scan saved at 8:37:16 AM, on 4/1/04 Platform: Windows 95 B (Win9x 4.00.1111) MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\PROGRAM FILES\NETWORK ASSOCIATES\PGP\IKESERVICE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE C:\WINDOWS\SYSTEM\NSCNTRL.EXE C:\WINDOWS\RunDLL.exe C:\SMARTDRAW PHOTO\SDPHOTOBAR.EXE C:\PROGRAM FILES\NETWORK ASSOCIATES\PGP\PGPTRAY.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\WINDOWS\EXPLORER.EXE C:\NEW FOLDER\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.22:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F1 - win.ini: run=hpfsched O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe O4 - HKLM\..\Run: [nscntrl] c:\windows\system\nscntrl.exe /noconnect O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE O4 - HKLM\..\RunServices: [IKEService95] C:\Program Files\Network Associates\PGP\IKEService.exe O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~2\SDPhotoBar.exe O4 - HKCU\..\Run: [sr64] C:\WINDOWS\SYSTEM\SR64\JEIJBQIB.EXE O4 - Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP\PGPtray.exe O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\MSACCESS.EXE O11 - Options group: [TB] Toolbar O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O13 - WWW. Prefix: http:// O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://www.movie-browser.com/tl4000.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab On Wednesday, March 31, 2004 at 5:42 pm, MrCharlie wrote: > >They keep coming back because you have to delete the executable files associated >with them. Most of them are spy/adware. >Your quickest and best bet is download HiJackThis, here's two links: >CW-Shredder-Spybot-HJT >HiJackThis and Instructions >Then scan your system and save the log it creates. Create the log with everything >running, nothing unchecked in the task manager, this is important so they can see >everything that's running. Just tell them your problem and they will help you. You >can post it here: TomCoyote.com >HJT Forum. Don't you delete anything!! They are experts at doing this and there's >always someone there to help you, they will stick and work with you until the problems >are gone. It will be quicker then working with me because I'm only here a couple >of hours a night and I don't know of anyone else qualified on this forum to help >you. Let me know, if you want I will look at the HJT log but you will have to be >patient. MrC > > > > > > >). > > > > > > > > > > > Written in response to: re: After I end the tasks in task manager..... (MrCharlie: Wednesday, March 31, 2004 at 5:42 pm) There are presently no replies to this message. All messages in this thread [show all] Error while trying to install SWShredder (Levis: Fri, Mar 26, 2004, 5:20 am) re: Error while trying to install SWShredder (MrCharlie: Fri, Mar 26, 2004, 9:29 am) forgot to say.. (MrCharlie: Fri, Mar 26, 2004, 9:33 am) cannot find CoolWWWSearch.SmartKiller (v1/v2) (Levis: Mon, Mar 29, 2004, 4:54 am) re: cannot find CoolWWWSearch.SmartKiller (v1/v2) (MrCharlie: Mon, Mar 29, 2004, 3:15 pm) re: Now "Program has performed an illegal .... and will now shutdown" (Levis: Tue, Mar 30, 2004, 4:35 am) re: Now "Program has performed an illegal .... and will now shutdown" (MrCharlie: Tue, Mar 30, 2004, 2:38 pm) re: After I end the tasks in task manager..... (Levis: Wed, Mar 31, 2004, 4:58 am) re: After I end the tasks in task manager..... (MrCharlie: Wed, Mar 31, 2004, 5:42 pm) re: Hijackthis log (Levis: Wed, Mar 31, 2004, 11:33 pm) re: posted Hijackthis log (Levis: Wed, Mar 31, 2004, 11:42 pm) re: posted Hijackthis log (MrCharlie: Thu, Apr 1, 2004, 3:13 pm) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows Me Discussion Forum