Help again

  1. 21-01-2005  #1
    reddwarf
    reddwarf is offline Valued Member

    Help again

    Hi, Could someone check this Hijackthis log file foe me. It seem everytime I start up the computer something is wrong. Thanks

    Logfile of HijackThis v1.99.0
    Scan saved at 12:37:44 PM, on 21-Jan-2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\QUICKEN 2004\QAGENT.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\PROGRAM FILES\ORTEK\VERSATO\VERSATO.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\ORTEK\VERSATO\MEDIAPLAYER.EXE
    C:\PROGRAM FILES\ORTEK\VERSATO\OSD.EXE
    C:\PROGRAM FILES\ORTEK\VERSATO\MAILCHK.EXE
    C:\MY SAVED PROGRAMS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.riverland.net.au/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QAGENT] C:\PROGRAM FILES\QUICKEN 2004\QAGENT.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunOnce: [MPE0] "C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe" -s "C:\Program Files\Norton SystemWorks\Norton CleanSweep\IM005655.CIL" rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\mpe.inf,BDAcodec
    O4 - Startup: Versato.lnk = C:\Program Files\Ortek\Versato\Versato.exe
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Quicken Startup.lnk = C:\Program Files\Quicken 2004\QWDLLS.EXE
    O4 - Startup: Billminder.lnk = C:\Program Files\Quicken 2004\BILLMIND.EXE

  3. 21-01-2005  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Can you post back and ensure you post the ENTIRE log. Looks a bit on the short side to me.
  4. 23-01-2005  #3
    reddwarf
    reddwarf is offline Valued Member
    Try again, I have the newest version of Hijack this.
    Logfile of HijackThis v1.99.0
    Scan saved at 4:47:39 PM, on 23-Jan-2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\QUICKEN 2004\QAGENT.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\ORTEK\VERSATO\VERSATO.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    C:\PROGRAM FILES\ORTEK\VERSATO\MEDIAPLAYER.EXE
    C:\PROGRAM FILES\ORTEK\VERSATO\OSD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY SAVED PROGRAMS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.riverland.net.au/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QAGENT] C:\PROGRAM FILES\QUICKEN 2004\QAGENT.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunOnce: [MPE0] "C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe" -s "C:\Program Files\Norton SystemWorks\Norton CleanSweep\IM005655.CIL" rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\mpe.inf,BDAcodec
    O4 - Startup: Versato.lnk = C:\Program Files\Ortek\Versato\Versato.exe
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Quicken Startup.lnk = C:\Program Files\Quicken 2004\QWDLLS.EXE
    O4 - Startup: Billminder.lnk = C:\Program Files\Quicken 2004\BILLMIND.EXE
  5. 23-01-2005  #4
    owen
    owen is offline D-A-L Team Member (UK)
    Thats a clean log. You have got a lot of things running at Startup though. To learn how to optimise your PCs performance and find out whats starting up, read the Cleaning Up and Speeding Up thread at the top of this forum.

    Also ensure you get to Windows Update (http://windowsupdate.microsoft.com) ASAP. You are at risk running Internet Explorer Version 5.5. You need to get upgraded to version 6.0.
  6. 29-01-2005  #5
    reddwarf
    reddwarf is offline Valued Member
  7. 29-01-2005  #6
    reddwarf
    reddwarf is offline Valued Member
    Thank you, yes I will read the cleaning up and speeding up. I am always at risk I have an ISP, we live in the country and believe it or not we still have copper phone lines. No broadband. It would take me a day to download all the updates. Thanks again for the help.
  8. 29-01-2005  #7
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    You are in Australia I'm guessing so you can't order the CD from Microsoft. I know being on Dial Up is a pest and it will take ages (I had to download about 15 XP Updates once on Dial Up, it took me about 3/4 hours but its worth it to have a secure PC), but I suggest you do download those updates regardless of whether or not your on dial up. They are extremely important.
+ Reply to Thread
« Hijackthis log | Don't have a clue »