Spybot S&D

Discussion in 'adware, spyware & hijack cleaning' started by Gary Reinert, Mar 12, 2004.

Thread Status:
Not open for further replies.
  1. Gary Reinert

    Gary Reinert Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 12:06:05 AM, on 3/12/04
    Platform: Windows 95 B (Win9x 4.00.1111)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\CBA\PDS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\CBA\XFR.EXE
    C:\PROGRAM FILES\CYBERARMOR\PCS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\MSGSYS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\MSWHEEL.EXE
    C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
    C:\WINDOWS\SYSTEM\LOADWC.EXE
    C:\REAL\PLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\TOOLS_95\IMGICON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    C:\PROGRAM FILES\CYBERARMOR\PCSHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    F:\GARY\DOWNLOADS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchdot.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [MSWHEEL] C:\WINDOWS\SYSTEM\mswheel.exe
    O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
    O4 - HKLM\..\Run: [TIPS] C:\MSINPUT\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [Colorific Control Panel] C:\Program Files\Matrox MGA PowerDesk\Color\Hgcctl95.exe
    O4 - HKLM\..\Run: [CyberArmorLoader] pcsldr.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
    O4 - HKLM\..\Run: [RealTray] C:\REAL\PLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [freesurfer] C:\PROGRAM FILES\FREE SURFER\fs20.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [Srng] C:\Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
    O4 - HKLM\..\RunServices: [Intel PDS] c:\windows\system\cba\pds.exe
    O4 - HKLM\..\RunServices: [Intel File Transfer] c:\windows\system\cba\xfr.exe
    O4 - HKLM\..\RunServices: [TMA Distribution] c:\windows\system\cba\lcfinst.exe
    O4 - HKLM\..\RunServices: [CyberArmorLoader] pcsldr.exe
    O4 - HKLM\..\RunOnce: [TurboTax Premier Home & Business 2002] "C:\Program Files\TurboTax\Premier Home & Business 2002\TaxUnst.EXE" "C:\Program Files\TurboTax\Premier Home & Business 2002\32bit\Ttax.exe" -Run
    O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .dcr: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NP32DSW.DLL
    O13 - WWW. Prefix: http://
    O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shopintuit.com/Executables/IE/IDA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.7.16/ttinst.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/9891/toolbar/2020Search.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ms.com
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = ms.com
     
  2. snapdragin

    snapdragin Registered Member

    Joined: Feb 16, 2002
    Posts: 8,415
    Location: Southern Ont., Canada

    Hi Gary,

    Please download, unzip and run CWShredder.exe by pressing the *Fix* button. Follow the instructions as prompted. Then reboot your computer once CWShredder is finished.

    Rescan with HijackThis and post a new log. There are other items there that will need to be fixed.

    Regards,

    snap
     