17 Posts
September 20th, 2004 01:00
Can anyone help me?
Hello all,
I'm having issues with my Internet Explorer and I can't get to the web to download spyware removal software. I have a hijack this log, can anyone help me with my problem? Thank you so much to anyone who is willing to help.
Logfile of HijackThis v1.97.7
Scan saved at 9:28:51 PM, on 9/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\TEMP\X3.EXE
C:\WINDOWS\SYSTEM\IEHOST.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
C:\WINDOWS\SYSTEM\MSBB.EXE
C:\WINDOWS\SYSTEM\JUNLL32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\APPLICATION DATA\OOCS.EXE
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\WINDOWS\SYSTEM\LZEI32.EXE
C:\WINDOWS\SYSTEM\BCNPVKR.EXE
C:\WINDOWS\TPPSTRAY.EXE
C:\WINDOWS\SYSTEM\HPRTRY09.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\YATIOY8.EXE
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
C:\WINDOWS\SYSTEM\ZIH6JY6.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
A:\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\SYSTEM\MSNKMI.DLL
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\SYSTEM\MSKCEO.DLL
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\SYSTEM\MSKHHE.DLL
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O2 - BHO: (no name) - {6AA8460F-EF17-55B4-8753-60550DA97543} - C:\WINDOWS\SYSTEM\BQTQK.DLL
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\SYSTEM\MSFAOL.DLL
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\SYSTEM\MSEGGO.GIF
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\SYSTEM\MSJFBL.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [X3] C:\WINDOWS\TEMP\X3.EXE
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [4THQMFQ5XMTXYD] C:\WINDOWS\SYSTEM\HotEld.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [msbb] c:\windows\system\msbb.exe
O4 - HKLM\..\Run: [qq4X36X] JUNLL32.EXE
O4 - HKLM\..\Run: [urahiv] C:\WINDOWS\urahiv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\mscif.exe
O4 - HKCU\..\Run: [Uate] C:\WINDOWS\Application Data\oocs.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [b9v7RWbnh] LZEI32.EXE
O4 - HKCU\..\Run: [Rxyb] C:\WINDOWS\SYSTEM\bcnpvkr.exe
O4 - Startup: HP 2000C Taskbar Icon.lnk = C:\WINDOWS\SYSTEM\HPRTRY09.EXE
O4 - Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
Regards,
NCSU7


Midnight Star
4.8K Posts
September 20th, 2004 03:00
Ok, I did a little research for you and here are some things of interest. It would seem, at first glance, that you have multiple viruses/trojans/adware/spyware on your system. Here is a list of what I found. Remember, don't delete these entries using HijackThis. Make sure you know what you're deleting or ask someone more familiar with these particular files.
C:\WINDOWS\TEMP\X3.EXE
Strange running from a "temp" directory.
C:\WINDOWS\SYSTEM\IEHOST.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
WhenU.com SpyWare according to www.processlibrary.com
C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
Adware according to http://www.spyany.com/files/pcsvc_exe.html
C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
Adware according to http://www.2-spyware.com/file-dpi-exe.html
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
Adware according to http://www.anti-spy.info/file/updmgr.exe.html
C:\WINDOWS\SYSTEM\MSBB.EXE
MSBB Web3000 Spyware Application according to www.processlibrary.com
C:\WINDOWS\SYSTEM\JUNLL32.EXE
Trying to mimic rundll32.exe maybe?
C:\WINDOWS\RunDLL.exe
LOXOSCAM virus according to www.processlibrary.com
C:\WINDOWS\SYSTEM\LZEI32.EXE
C:\WINDOWS\SYSTEM\BCNPVKR.EXE
C:\WINDOWS\SYSTEM\YATIOY8.EXE
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
C:\WINDOWS\SYSTEM\ZIH6JY6.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
BackWeb adware according to www.processlibrary.com
And here are the associated registry entries:
O4 - HKLM\..\Run: [X3] C:\WINDOWS\TEMP\X3.EXE
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [4THQMFQ5XMTXYD] C:\WINDOWS\SYSTEM\HotEld.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [b9v7RWbnh] LZEI32.EXE
O4 - HKCU\..\Run: [Rxyb] C:\WINDOWS\SYSTEM\bcnpvkr.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [msbb] c:\windows\system\msbb.exe
O4 - HKLM\..\Run: [qq4X36X] JUNLL32.EXE
O4 - HKLM\..\Run: [urahiv] C:\WINDOWS\urahiv.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\mscif.exe
Sorry, I didn't have time to check the BHO objects.
Mike.
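The two checks Midnight Star applies by eye above (an autostart entry running from a temp directory, and a file name that imitates rundll32.exe) can be scripted over the O4 lines of a HijackThis log. This is an added example, not part of the original thread; the sample lines are copied from the log above, and the short list of system names and the 0.75 similarity threshold are assumptions.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Constructed sample: five O4 (autostart) lines taken from the log in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [X3] C:\WINDOWS\TEMP\X3.EXE
O4 - HKLM\..\Run: [qq4X36X] JUNLL32.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Program part of the command line; paths may contain spaces or be quoted.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|pif|bat)\b)', re.I)
# Assumption: a short illustrative list of system binary names, not a full baseline.
KNOWN = ("rundll32", "rundll", "explorer", "kernel32")

def executable(cmd):
    """Return the program path from an autostart command line."""
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0].strip('"')

def reasons_for(exe):
    reasons = []
    if "\\temp\\" in exe.lower():
        reasons.append("runs from a temp directory")
    base = ntpath.splitext(ntpath.basename(exe))[0].lower()
    if base not in KNOWN:  # an exact system name is not a lookalike
        for known in KNOWN:
            if SequenceMatcher(None, base, known).ratio() >= 0.75:
                reasons.append(f"name resembles {known}")
                break
    return reasons

def triage(log_text):
    """Return (value name, program, reasons) for each O4 entry worth a closer look."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, exe = m.group(3), executable(m.group(4))
        why = reasons_for(exe)
        if why:
            flagged.append((name, exe, why))
    return flagged
```

A hit is a prompt to research the file, as the reply above advises, not a verdict that it should be removed.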
jamez kann
2 Intern
860 Posts
September 20th, 2004 05:00
Here is a list of sites where you will get expert advice for your HijackThis logs.
Include your HijackThis log in the post while explaining your problem at the same time.
Kill Spyware Forums
http://forums.subratam.org/index.php?showforum=7
tools needed to get help
http://forums.subratam.org/index.php?showtopic=7
Forum Led by: Forum Moderators, subratam, baskar1234 (DELL REGULAR), efwis, Metallica, psyne, SpyDie, normmork, Admin, chrisRLG (DELL REGULAR)
http://www.bleepingcomputer.com/forums/forum22.html
Our Tutorials
http://www.bleepingcomputer.com/forums/forum6.html
How to submit a Hijackthis Log
http://www.bleepingcomputer.com/forums/topict956.html
HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/tutorial42.html
Forum Led by: Moderators, Global Moderator, groovicus, Grinler (DELL REGULAR), harrywaldron, Papakid,
http://forums.net-integration.net/
Forum Led by: Global Moderator, Administrators, Technical Experts, Technical Assistant, Team Spybot S&D, Technical Guide, TonyKlein, Eagle1, Galadriel, tashi, Archon_Wing,
http://forum.gladiator-antivirus.com/
Forum Led by: CalamityJane, LoPhatPhuud, FatsGordon, Hunter, TheSentinel,
http://www.zerosrealm.com/forums/
Zero,Lopus,
http://www.malwarebytes.biz/forums/index.php?showforum=5
groovicus
HijackThis Logs
http://www.lavasoftsupport.com/index.php?showforum=44
Forum Led by: SpyDie, Lavasoft Admins, Moderators
Newbies
http://www.lavasoftsupport.com/index.php?showforum=34
Viruses, Spyware, AdwareHijackThis Logs
http://pcpitstop.ibforums.com/index.php?showforum=25
HijackThis Logs
http://networktechsupport.com/forums/index.php?showforum=20
Forum Led by: Kat
Virus and Spyware/Adware/Malware Issues
http://forums.thatcomputerguy.us/index.php?showforum=39
HijackThis Logs
http://spywarewarrior.com/viewforum.php?f=5
Moderators suzi, Mods, Experts, Distinguished Experts