Hijackthis log or how I was a bad boy !!!!

Status
Not open for further replies.

Samstoned

How does this look?
Problem: I went to the wrong place today, and now Mozilla and Firefox will not open.
I hate that.
Even with all the protection on my machine.
 

Attachments

  • hijackthis2-20-05.txt
Don't know why your programs shut down, probably NOT because of a Hijack.

Whittling down your log, there is not that much wrong.
I don't like the R1, but I don't know what it is supposed to look like when you run a server.
HJT can 'fix' this for you. It makes a backup of every change, so you can always 'undo' it.
Let HJT 'fix' the mentioned O16 entries.
www.m71.com is an Eastern-European website under construction. Unless you are Eastern-European yourself, and/or the owner of this website, I'd find this very suspicious.
O17 entries are signs of hi-jacked websites.
So, unless this m71.com is yours, let HJT 'fix' them as well.

To do so, boot in Safe Mode, run HJT on its own, and let it 'fix' that lot.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:80;http=localhost:80;https=localhost:80;socks=localhost:1080
O16 - DPF: {0000000C-0000-0000-0000-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38363.5430902778
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m7l.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{}: NameServer = deleted for security
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = m7l.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = m7l.com

You should install W2K-SP4 and about 30-odd W2K-updates after that!
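
An added example, not part of any post in this thread and not HijackThis's own code: a Python parser for the R1, O16 and O17 line shapes quoted above, which lists what to verify per entry instead of giving a verdict. The regular expressions are inferred from the lines in this thread, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the log quoted in this thread (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:80;http=localhost:80;https=localhost:80;socks=localhost:1080
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m7l.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{}: NameServer = deleted for security
"""

# Line shapes inferred from the thread's log (assumption, not an official grammar).
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? - (?P<url>\S+)$")
SETTING = re.compile(r"^(?P<key>.+?)[,:]\s*(?P<value_name>\w+) = (?P<value>.*)$")

def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = {"code": code, "raw": body}
    if code == "O16" and (d := DPF.match(body)):
        url = urlsplit(d["url"])
        entry.update(clsid=d["clsid"], name=d["name"], host=url.hostname, scheme=url.scheme)
    elif code in ("R1", "O17") and (s := SETTING.match(body)):
        entry.update(key=s["key"], value_name=s["value_name"], value=s["value"])
    return entry

def review_notes(entry):
    """Points a reviewer should verify for this entry; these are not verdicts."""
    notes = []
    if entry["code"] == "R1" and entry.get("value_name") == "ProxyServer":
        proxies = dict(p.split("=", 1) for p in entry["value"].split(";") if "=" in p)
        local = sorted(k for k, v in proxies.items() if v.split(":")[0] in ("localhost", "127.0.0.1"))
        if local:
            notes.append("proxy on this machine for: " + ",".join(local) + "; confirm a local proxy is expected")
    if entry["code"] == "O16" and entry.get("scheme") == "http":
        notes.append("ActiveX CAB fetched over plain http from " + entry["host"])
    if entry["code"] == "O17" and entry.get("value_name") in ("Domain", "NameServer"):
        notes.append(entry["value_name"] + " = " + entry["value"] + "; compare with your own network settings")
    return notes

def triage(log_text):
    """Parse every entry line and return (code, note) pairs in log order."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return [(e["code"], n) for e in entries for n in review_notes(e)]
```
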
 
Thank you. Will check on the proxy thing; I don't remember setting that up.
Yes, that's my server.
I ran in safe mode, used McAfee, did find 1 file, a c.bat.
Switched to Kaspersky, found 14 viruses + trojans in system.
Had to do a complete browser removal and replace.
Gotta warn about this search: I was looking for computer remote control software
like VNC, but with manager controls, and clicked into the wrong website.
It looked official enough, asked if I wanted a demonstration of software.
That's how I got the bug.
It took over 10 hours to check all my drives.
 