Subject: | |
From: | |
Reply To: | |
Date: | Fri, 26 Jan 2007 01:20:51 EST |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hi can any one tell me whats safe to delete from this mess - thanks . . .
Logfile of HijackThis v1.99.1
Scan saved at 10:42:21 PM, on 1/25/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WMCONNECTA\WWM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ABISUITE2\ABIWORD\BIN\ABIWORD.EXE
C:\PROGRAM FILES\WON\WONPLAY.EXE
C:\PROGRAM FILES\WON\WONPLAY\WORDOX\WORDOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.netscapeconnect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by CompuServe
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} -
C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
- C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [InstUtlR.exe] InstUtlR.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100
Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Netscape Connect Tray Icon.lnk = C:\wmconnecta\wmtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&
c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate -
{06FE5D05-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch
&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL -
{06FE5D02-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch
&c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host -
{06FE5D03-8F11-11d2-804F-00105A133818} -
http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=1c00&lc=0409 (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM
FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
- C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -
file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file
missing) (HKCU)
O14 - IERESET.INF:
START_PAGE_URL=http://www.compuserve.com/gateway/default.asp
O16 - DPF: {8FBFE5FF-5E98-11D3-80AF-00C04FCFBC72} (SurveyCtl35 Class) -
http://activex.microsoft.com/controls/mtswizards/sw35.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word
Games) - http://67.15.101.3/g_bin/eng/wordssingle_2_0_0_34.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) -
http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX
Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll
Robert Jones - [log in to unmask]
The NOSPIN Group is now offering Free PC Tech
support at our newest website:
http://freepctech.com
|
|
|