Question

Spyware Problems Hijackthis log

Asked by: kak268

I am having some trouble with a computer having constant pop ups.  I uninstalled a ton of adware and ran spybot several times.   I also ran panda active scan.  All now give a clean report, but I am still having constant pop ups.  I ran hijack this and see many entries that look suspect, however I am not confident enough to identify all of them.  If you could please take a look at my log I would appreciate it.  I also see two tasks running that seem suspect.  Tont.exe, and d1/2dplay.exe.

----------------
Logfile of HijackThis v1.97.7
Scan saved at 11:10:17 AM, on 3/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\d?dplay.exe
C:\Documents and Settings\kenc\Application Data\tont.exe
C:\Program Files\AccuWeatherDesktop\AccuWeatherDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kenc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.4:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {366DE7EA-5602-7EF9-7CE9-0795CFA7DC9D} - C:\WINNT\system32\pci.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [Eojui] C:\WINNT\system32\d?dplay.exe
O4 - HKCU\..\Run: [Raaa] C:\Documents and Settings\kenc\Application Data\tont.exe
O4 - Global Startup: AccuWeather.com® Desktop.lnk = C:\Program Files\AccuWeatherDesktop\AccuWeatherDesktop.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Ud3rT0n5.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37698.5033796296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lmakefield
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6EE89D1-53B1-47BD-AD81-546DCF16246C}: NameServer = 192.168.100.222,192.168.100.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lmakefield
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lmakefield

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2005-03-09 at 08:18:29ID21343869
Topic

Windows Network Security

Participating Experts
5
Points
500
Comments
9

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Hijackthis
    What do I delete onLogfile of HijackThis v1.97.7 I have not used this program before and am wondering what to delete? Scan saved at 10:41:26 AM, on 11/23/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C...
  2. HiJackThis log
    The following is a log I got from HiJackThis. Can someone tell me if they see something here. This workstation's print spooler service is halting the var file. Yes it uses an lpr port for printers. Logfile of HijackThis v1.97.7 Scan saved at 9:49:34 AM, on 6/2/2004 Platfo...
  3. help with hijackthis
    hi - i am trying to clean a friends computer, because she wasnt able to log onto the internet anymore. her puter was completely overcome with spyware, adware, trojans. i have run adaware, spybot, shredder and it found hundreds. can someone please look at this log and tell me ...
  4. Hijackthis Log
    Keep getting popups. I ran Ad Aware Se and Spybot SD 1.3 but I am still getting them. Here is my Hijackthis log Logfile of HijackThis v1.97.7 Scan saved at 6:09:55 AM, on 12/2/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: davidis99Posted on 2005-03-09 at 08:52:08ID: 13497835

In addition to the ones you mentioned, here are some more items you should definitely remove.

1) Use the MSCONFIG utility to disable the following:

O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

You can read about them at:
http://castlecops.com/clsid-1376.html
http://castlecops.com/startuplist-5621.html
http://castlecops.com/startuplist-5622.html

2)  You also have these four entries
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll

http://www.kephyr.com/spywarescanner/library/targetsoft.inetadpt/index.phtml

Aside from Spybot, you should try additional tools such as Ad-aware, MS Antispy, and Ewido to remove these, and install spyware blaster to help keep items from getting onto the PC in the future.

 

by: MrArubaPosted on 2005-03-09 at 09:02:14ID: 13497957

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [Eojui] C:\WINNT\system32\d?dplay.exe
O4 - HKCU\..\Run: [Raaa] C:\Documents and Settings\kenc\Application Data\tont.exe
O4 - Global Startup: AccuWeather.com® Desktop.lnk = C:\Program Files\AccuWeatherDesktop\AccuWeatherDesktop.exe

ALL ABOVE SHOULD BE REMOVED

O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll

To fix the you 'll need winsockfix : download it here http://www.itc.virginia.edu/desktop/central/display/versions.php3?softwareID=67&nav=title

good luck

ps. I recommend to remove the accuweatherdesktop because this software delivers adware to your pc.



 

by: astaecPosted on 2005-03-09 at 09:31:38ID: 13498312

Did you first post the results in the free HijackThis Analyzer link?  It is ideal to only post the line items that need help, rather than posting the entire log as noted here:
http://www.experts-exchange.com/Web/Browser_Issues/Q_21149514.html

Also curious if you've stayed current with WindowsUpdate for OS and IE and http://www.officeupdate.com for office related items to ensure you've installed needed patches/packs.

Also, checked the HOSTS file (no extension)?  AdAware SE Pro when updated is a great tool, when configured to do deep scanning and including the HOSTS file, as well as Spybot S&D, also when updated, and include the Immunize function to block more than 2300 intrusions, if not already done.

Have you also tried the Microsoft Malicious Software Removal tool (link in the following), as well as their AntiSpyware Beta application (with all updates)?
http://www.microsoft.com/security/incident/default.mspx

Microsoft Windows AntiSpyware (Beta) Home
Find out how to use the new Microsoft Windows AntiSpyware (Beta) to detect and remove spyware and other unwanted software that can track every move you make and compromise the personal information stored on your Windows computer..
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Download Windows AntiSpyware (Beta)
Windows AntiSpyware (Beta) is a security technology that helps protect Windows users from spyware and other potentially unwanted software.
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
How to Protect Your Computer from Spyware and Adware
Describes how to determine if you have spyware or adware installed on your computer and how to get rid of it.
http://www.microsoft.com/windowsxp/using/security/expert/honeycutt_spyware.mspx

Prior to doing cleanup,  consider the System Restore issue so that the problem does not resurface if it remains 'on'.... and be sure to do a deep scan using updated virus definition files with a good viruscan program (again, deep scanning all HDs).

Asta

 

by: astaecPosted on 2005-03-09 at 09:33:14ID: 13498329

Also if using MSN Messenger, could also be 'open door' if not updates and/or configured correctly; or Windows Messenger, as noted below...
Disable Windows Messenger PopUps
http://www.hooverwebdesign.com/templates/stop-messenger.html

Sometimes, if files are in use, SAFE MODE works.

Best of luck to you,
Asta

 

by: mwnnjPosted on 2005-03-09 at 09:34:23ID: 13498341

right ,remove also:
-------------------------------------------------------
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
if this is not your own decision to receive blank screen at startup of your browser
-------------------------------------------------------
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\d?dplay.exe
C:\Documents and Settings\kenc\Application Data\tont.exe  from starting up

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Eojui] C:\WINNT\system32\d?dplay.exe
O4 - HKCU\..\Run: [Raaa] C:\Documents and Settings\kenc\Application Data\tont.exe

O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/Ud3rT0n5.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

update the hijack log and posz back the new one,,,
besides ,also ggod software:
startup manager:
http://members.lycos.co.uk/codestuff/

heuristic tool:
http://www.winpatrol.com/download.html

later


 

by: rossfingalPosted on 2005-03-09 at 09:34:55ID: 13498347

Hi!

This is Experts-Exchange's policy concerning the posting of HijackThis logs:
http://www.experts-exchange.com/Web/Browser_Issues/Q_21149514.html
Don't worry: you haven't really broken any rules!  :)

In the future; if you have a HijackThis log that you'd like someone here to look at, do this -
Run HijackThis from a folder of it's own:something like -
C:\HJT\hijackthis. exe or C:\Program Files\HJT\hijackthis.exe
HJT makes backups and logfiles and it's a good idea to have them in one centralized place.

Also, the version of HijackThis you're using is outdated - latest ver. is 1.99.1
Download from here:
http://www.gatesofdelirium.com/ee/tools/

With all browser windows closed -
Run HijackThis -
Then copy and paste your log file into the Automatic Analysis site here:
http://www.hijackthis.de/index.php?langselect=english
Click on "Analyze" -
Then click on "Save Analysis" -
A page will open with your analyzed HJT log (this page will be saved for 3 days) -
Post a LINK to that page back here.
Please, do not post HJT logs here!

Someone will take a look at it.

You have other questionable entries showing in your log;
in addition to the one's davidis99 and MrAruba list above.

Good luck!

RF

 

by: kak268Posted on 2005-03-09 at 11:41:21ID: 13499680

Thank you all for your help!  The free analyzer was great.  Everything seems to be running smoothly now.  I split the points equally because each comment was helpful.  Thanks again!

 

by: rossfingalPosted on 2005-03-09 at 23:19:52ID: 13503668

Hi!

I'm glad someone here could give you some help!

Thanks and good luck!

RF

 

by: astaecPosted on 2005-03-10 at 05:52:11ID: 13505781

Thank you, hearing good news makes for a great day.  Best wishes to you.  ":0) Asta

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...