BTW I'm running Windows 98 and can run Task Manager in Safe Mode
Jelley
Jelley
HELP - Can't access Task Manager
It started off when I hit CTRL+ALT+DEL and I got the "blue screen of death" telling me an error occured, I could not continue so had to restart. Now, when every I try and access my Task Manager the computer restarts.I realy need some help so that I can sort out this problem.
Jelley
- Status
- Not open for further replies.
1 - 20 of 23 Posts
Did you have the msblast worm? One of the things it did was to cause your Task Manager not to open. This problem is resulting from a MSConfig=MSCONFIG35.EXE entry in the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Registry key. If you have this entry, delete it.
There may well be other reasons and if so, a Highjack This scan could help identify.
There may well be other reasons and if so, a Highjack This scan could help identify.
I have no entrys under that registry key as I disabled them all in order to determine the problem
Logfile of HijackThis v1.96.2
Scan saved at 16:47:35, on 31/08/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\UTILITIES\ANTI-VIRUS\BIGFIX\BIGFIX.EXE
C:\PROGRAM FILES\POPOOPS\POPOOPS.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Version 6.0.2800.1106
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5cc65900-cc37-11d8-b3d2-444553540000} - C:\WINDOWS\APPLICATION DATA\NLLCROOADV.DLL
O8 - Extra context menu item: Handle with &Hot Keyboard - C:\PROGRAM FILES\HOT KEYBOARD\IEScript.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: TweakIE 3.1 (HKLM)
O9 - Extra 'Tools' menuitem: TweakIE 3.1 (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Scan saved at 16:47:35, on 31/08/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\UTILITIES\ANTI-VIRUS\BIGFIX\BIGFIX.EXE
C:\PROGRAM FILES\POPOOPS\POPOOPS.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Version 6.0.2800.1106
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5cc65900-cc37-11d8-b3d2-444553540000} - C:\WINDOWS\APPLICATION DATA\NLLCROOADV.DLL
O8 - Extra context menu item: Handle with &Hot Keyboard - C:\PROGRAM FILES\HOT KEYBOARD\IEScript.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: TweakIE 3.1 (HKLM)
O9 - Extra 'Tools' menuitem: TweakIE 3.1 (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
BRB on a 56k dial-up and got to make a phone call
No sign of MSCONFIG35.EXE
First, from start run system.ini so that it opens in Notepad.
Look under the [386Enh] header for an entry that says:
localreboot=off
just remove that; the default is on and when set to off it automatically reboots the system when you do a single ctrl-alt-del.
You will have to save the file with the change and reboot for the new setting to take effect.
Next, you have some search hijacks and odd BHO's that I would remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
O2 - BHO: (no name) - {5cc65900-cc37-11d8-b3d2-444553540000} - C:\WINDOWS\APPLICATION DATA\NLLCROOADV.DLL
>>>>
Other than that I don't see anything that could cause the task manager problem although you do have some install that apparently programs hot keys.
By the way, have you run msconfig and unchecked ALL items under there? It is a very bad idea to leave it that way. For one we cannot see what is there and for another, vital startups like ScanRegistry are disabled by doing that.
Look under the [386Enh] header for an entry that says:
localreboot=off
just remove that; the default is on and when set to off it automatically reboots the system when you do a single ctrl-alt-del.
You will have to save the file with the change and reboot for the new setting to take effect.
Next, you have some search hijacks and odd BHO's that I would remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://z9448.find-quick.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://z9448.find-quick.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://z9448.find-quick.com/searchbar.html
O2 - BHO: (no name) - {5cc65900-cc37-11d8-b3d2-444553540000} - C:\WINDOWS\APPLICATION DATA\NLLCROOADV.DLL
>>>>
Other than that I don't see anything that could cause the task manager problem although you do have some install that apparently programs hot keys.
By the way, have you run msconfig and unchecked ALL items under there? It is a very bad idea to leave it that way. For one we cannot see what is there and for another, vital startups like ScanRegistry are disabled by doing that.
Thanks a lot, I hope it works.
Can you let me whathow altered the file and how?
Also what are search hijacks and odd BHO's and what do they do.
Can you let me whathow altered the file and how?
Also what are search hijacks and odd BHO's and what do they do.
Do I remove them just by selecting and clicking "Fix Checked"
BTW I was not planning to leave all my startup files disabled
I can't find any information on that Browser Helper Object; somtimes legitimate programs use them to facilitate certain tasks with Internet Explorer. Other programs can use them for less beneficial purposes. Search Hijackers alter the search keys in the registry to point to their own websites rather than the ones that are default with Windows or which you have selected.
Yes, you check and "fix", but first close IE before hitting the 'fix' tab.
Also I just noticed you don't have any 04 startups. That means no default Windows startups are loading, some of them necessary, like ScanRegistry.
Did you run msconfig and uncheck the startup group or uncheck all entries under the startup tab?
Do NOT leave ScanRegistry disabled. You should also leave checked Systray and any antivirus applications that you have there. The others I can't comment on since I don't know what is there.
Yes, you check and "fix", but first close IE before hitting the 'fix' tab.
Also I just noticed you don't have any 04 startups. That means no default Windows startups are loading, some of them necessary, like ScanRegistry.
Did you run msconfig and uncheck the startup group or uncheck all entries under the startup tab?
Do NOT leave ScanRegistry disabled. You should also leave checked Systray and any antivirus applications that you have there. The others I can't comment on since I don't know what is there.
Yea I was going to enable the Reg Checker just turned it off temporarily
Any ideas as to what altered the system.ini file?
Could it have been done by installing a prog?
Could it have been done by installing a prog?
What is quick-find.com?
Here is my new log file, does everything look sound now?
Logfile of HijackThis v1.96.2
Scan saved at 17:49:12, on 31/08/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Version 6.0.2800.1106
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O8 - Extra context menu item: Handle with &Hot Keyboard - C:\PROGRAM FILES\HOT KEYBOARD\IEScript.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: TweakIE 3.1 (HKLM)
O9 - Extra 'Tools' menuitem: TweakIE 3.1 (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Logfile of HijackThis v1.96.2
Scan saved at 17:49:12, on 31/08/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Version 6.0.2800.1106
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O8 - Extra context menu item: Handle with &Hot Keyboard - C:\PROGRAM FILES\HOT KEYBOARD\IEScript.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: TweakIE 3.1 (HKLM)
O9 - Extra 'Tools' menuitem: TweakIE 3.1 (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
So the system.ini file did contain that entry?
You still haven't enabled your startups so I don't know if something there could have done it. It might happen again when you do so. Otherwise the log looks fine.
The only thing there that might raise some suspicion is the Hot Keyboard application, but I would expect if it is a legitimate program that you would have specifically had to enable something for it to do that.
as for quickfind.com, I don't know that Hijacker put it there, but it's just a bogus site to redirect you to their own supported sponsors.
You still haven't enabled your startups so I don't know if something there could have done it. It might happen again when you do so. Otherwise the log looks fine.
The only thing there that might raise some suspicion is the Hot Keyboard application, but I would expect if it is a legitimate program that you would have specifically had to enable something for it to do that.
as for quickfind.com, I don't know that Hijacker put it there, but it's just a bogus site to redirect you to their own supported sponsors.
Yea its just a keyboard shortcut utility
Feel better?
Logfile of HijackThis v4.96.2
Scan saved at 18:03:37, on 31/08/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Version 6.0.2800.1106
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O4 - HKCU\..\Run: [Hot Keyboard] C:\PROGRAM FILES\HOT KEYBOARD\HOTKEYB.EXE -minimized
O8 - Extra context menu item: Handle with &Hot Keyboard - C:\PROGRAM FILES\HOT KEYBOARD\IEScript.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: TweakIE 3.1 (HKLM)
O9 - Extra 'Tools' menuitem: TweakIE 3.1 (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Logfile of HijackThis v4.96.2
Scan saved at 18:03:37, on 31/08/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/Homepage/Index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Version 6.0.2800.1106
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O4 - HKCU\..\Run: [Hot Keyboard] C:\PROGRAM FILES\HOT KEYBOARD\HOTKEYB.EXE -minimized
O8 - Extra context menu item: Handle with &Hot Keyboard - C:\PROGRAM FILES\HOT KEYBOARD\IEScript.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: TweakIE 3.1 (HKLM)
O9 - Extra 'Tools' menuitem: TweakIE 3.1 (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
1 - 20 of 23 Posts
- Status
- Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
