Annoyances.org - re: Evil "lexplore" virus hijacked me (Windows 98 Discussion Forum)


Home » Windows 98 Discussion Forum » Message 1086725280	Search \| Help \| Home

Tip: Run a free scan for common Windows errors

re: Evil "lexplore" virus hijacked me
Tuesday, June 8, 2004 at 1:08 pm
Windows 98 Annoyances Discussion Forum
Posted by Dan (1278 messages posted)

Hi GG66, just wanted to get in on this thread so I would get the results of the read on your HiJackThis Scan Log whenever one of the posters that feel they are qualified checks it out for you--I have little time reading these logs, but notice a lot of ".exe " and other lines that need checked whether they are good or bad entries, and offer a few suggestions--: 1. You said that you already have SpywareBlaster installed--well, that has a data base of undesireable ActiveX and hostile Cookies, and since SpywareBlaster will keep whatever is in the data base from running even if they are on your system, you could be masking some of the problems. 2. Instead of running HijackThis from the desktop, create a folder of its own other then a "Temp" folder as it creates backups as I understand it... 3. Prior to posting a log check the "check this box to preserve your spacing"--facilitates reading of the log--wraps each line entry for easier reading.

On Tuesday, June 8, 2004 at 11:24 am, gammagirl66 wrote:
>I already have the Spybot 1.3 and it consistently hangs at 9469/14284. I have deleted
>my TIF files but when I check the "Delete all offline content" box it hangs and I
>can't come back from that. When I do the *.tmp file search I get the message that
>I have to refine my search and it hangs when I even move my cursor over to the "File"
>droplist thing. I have read the SpywareBlaster info! I have installed and run Hijack
>This and the results follow. I am mystified but grateful for your help. I know
>it's annoying when people don't know much but computers are complicated though they
>appear innocuous enough - it's hard to know what you need to know and what you should
>be doing to maintain yourself so you don't get caught in a situation like this.
>
>Logfile of HijackThis v1.97.7
>Scan saved at 11:20:50 AM, on 6/8/04
>Platform: Windows 98 Gold (Win9x 4.10.1998)
>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
>Running processes:
>C:\WINDOWS\SYSTEM\KERNEL32.DLL
>C:\WINDOWS\SYSTEM\MSGSRV32.EXE
>C:\WINDOWS\SYSTEM\mmtask.tsk
>C:\WINDOWS\SYSTEM\MPREXE.EXE
>C:\COMPAQ\ACCESS\ENCOMPASS\MONITOR.EXE
>C:\PROGRAM FILES\MCAFEE\PGP\IKESERVICE.EXE
>C:\WINDOWS\SYSTEM\MSTASK.EXE
>C:\PROGRAM FILES\BITWARE\CBWATTN.EXE
>C:\PROGRAM FILES\BITWARE\CBWHOST.EXE
>C:\WINDOWS\SYSTEM\TAPISRV.EXE
>C:\WINDOWS\TASKMON.EXE
>C:\WINDOWS\SYSTEM\SYSTRAY.EXE
>C:\WINDOWS\SYSTEM\ATICWD32.EXE
>C:\WINDOWS\SYSTEM\ATITASK.EXE
>C:\MOUSE\SYSTEM\EM_EXEC.EXE
>C:\COMPAQ\INTERNET\CISRVR.EXE
>C:\WINDOWS\SYSTEM\SXGDSENU.EXE
>C:\PROGRAM FILES\SONIC IMPACT A3D\VRTXCTRL.EXE
>C:\WINDOWS\SYSTEM\DDHELP.EXE
>C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
>C:\WINDOWS\SYSTEM\CQSCP2PS.EXE
>C:\WINDOWS\SYSTEM\SHPC32.EXE
>C:\WINDOWS\SYSTEM\LEXBCES.EXE
>C:\WINDOWS\SYSTEM\CQSCP2PS.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE UTILITIES\COMDLGEX.EXE
>C:\WINDOWS\SYSTEM\RPCSS.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE UTILITIES\STARTM.EXE
>C:\WINDOWS\SYSTEM\HPZTSB03.EXE
>C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
>C:\WINDOWS\SYSTEM\SPOOL32.EXE
>C:\WINDOWS\LOADQM.EXE
>C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
>C:\PROGRAM FILES\MCAFEE\MCAFEE UTILITIES\HDE.EXE
>C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
>C:\WINDOWS\MSCMGR.EXE
>C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
>C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
>C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
>C:\WINDOWS\EXPLORER.EXE
>C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
>
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
>R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
>R3 - Default URLSearchHook is missing
>O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\DOWNLOADED
>PROGRAM FILES\SBCIE026.DLL
>O2 - BHO: (no name) - {bcfad060-b146-11d7-8ce3-0008c713a59e} - (no file)
>O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT
>5.0\READER\ACTIVEX\ACROIEHELPER.OCX
>O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
>O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\SYSTEM\ZEDD4.DLL
>O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - C:\PROGRA~1\SYSTEM\MISC\MBH19.DLL
>(file missing)
>O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot
>- Search & Destroy\SDHelper.dll
>O3 - Toolbar: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
>O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
>O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
>O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
>O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
>O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
>O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
>O4 - HKLM\..\Run: [AtiKey] Atitask.exe
>O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
>O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
>/NORESTART
>O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
>O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
>O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\McAfee\VirusScan\VSECOMR.EXE
>O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
>O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\asp4setp.exe 3
>O4 - HKLM\..\Run: [SonicA3DControl] C:\PROGRA~1\SONICI~1\VrtxCtrl.exe
>O4 - HKLM\..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
>O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
>O4 - HKLM\..\Run: [cqscp2ps.exe] C:\WINDOWS\SYSTEM\cqscp2ps.exe
>O4 - HKLM\..\Run: [LexStart] Lexstart.exe
>O4 - HKLM\..\Run: [CompaqSysTray] cpqpscp.exe
>O4 - HKLM\..\Run: [SHPC32] shpc32.exe
>O4 - HKLM\..\Run: [CQSCP2PSERVER] CQSCP2PS.EXE
>O4 - HKLM\..\Run: [Oil Change] C:\PROGRA~1\MCAFEE\OILCHA~1\OCTray32.exe Start
>O4 - HKLM\..\Run: [NB Common Dialog Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\comdlgex.exe
>O4 - HKLM\..\Run: [Start Menu Enhancements] C:\PROGRA~1\MCAFEE\MCAFEE~1\startm.exe
>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
>O4 - HKLM\..\Run: [LoadQM] loadqm.exe
>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
>-osboot
>O4 - HKLM\..\Run: [Icon Animation] C:\PROGRAM FILES\MCAFEE\MCAFEE UTILITIES\HDE.EXE
>/hook
>O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
>O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
>O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
>O4 - HKLM\..\Run: [MSN Manager] C:\WINDOWS\mscmgr.exe
>O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
>O4 - HKLM\..\RunServices: [CBWHost] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWHOST.EXE
>O4 - HKLM\..\RunServices: [CBWAttn] C:\PROGRA~1\BITWARE\CBWEXEC.EXE /Run C:\PROGRA~1\BITWARE\CBWATTN.EXE
>O4 - HKLM\..\RunServices: [EncMonitor] c:\compaq\access\Encompass\Monitor.exe
>O4 - HKLM\..\RunServices: [IKEService95] C:\Program Files\McAfee\PGP\IKEService.exe
>O4 - HKLM\..\RunServices: [McAfee Image] C:\PROGRA~1\MCAFEE\MCAFEE~1\image32.exe
>/auto
>O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
>O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\WINST.EXE
>O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
>O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
>O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe"
>-turbo
>O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
>O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
>O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
>O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
>O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
>O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
>O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
>O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
>O9 - Extra button: Print Favorites (HKLM)
>O9 - Extra 'Tools' menuitem: Print &Favorites... (HKLM)
>O9 - Extra button: Real.com (HKLM)
>O9 - Extra button: SideStep (HKLM)
>O9 - Extra button: WeatherBug (HKCU)
>O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
>O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
>O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
>O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k00719/sb026.cab
>O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
>O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
>

Written in response to:
re: Evil "lexplore" virus hijacked me (geehawgirl: Tuesday, June 8, 2004 at 11:24 am)

There are presently no replies to this message.

All messages in this thread [show all]
Evil "lexplore" virus hijacked me (geehawgirl: Thu, Jun 3, 2004, 10:30 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Thu, Jun 3, 2004, 11:59 pm)

re: Evil "lexplore" virus hijacked me (Carl S.: Fri, Jun 4, 2004, 4:26 am)

re: Evil "lexplore" virus hijacked me (David: Fri, Jun 4, 2004, 2:32 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Fri, Jun 4, 2004, 6:16 pm)

re: Evil "lexplore" virus hijacked me (David: Fri, Jun 4, 2004, 6:26 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Fri, Jun 4, 2004, 11:30 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Fri, Jun 4, 2004, 7:36 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Fri, Jun 4, 2004, 7:50 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Fri, Jun 4, 2004, 11:23 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Sun, Jun 6, 2004, 9:38 am)

re: Evil "lexplore" virus hijacked me (David: Sun, Jun 6, 2004, 9:04 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Mon, Jun 7, 2004, 12:04 am)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Mon, Jun 7, 2004, 2:53 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Mon, Jun 7, 2004, 10:51 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Mon, Jun 7, 2004, 11:16 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Tue, Jun 8, 2004, 11:24 am)

re: Evil "lexplore" virus hijacked me (Dan: Tue, Jun 8, 2004, 1:08 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Tue, Jun 8, 2004, 2:14 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Tue, Jun 8, 2004, 6:26 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Tue, Jun 8, 2004, 7:01 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Tue, Jun 8, 2004, 9:32 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Tue, Jun 8, 2004, 11:43 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Wed, Jun 9, 2004, 12:53 am)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Wed, Jun 9, 2004, 1:09 am)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Wed, Jun 9, 2004, 2:00 am)

re: Evil "lexplore" virus hijacked me (geehawgirl: Wed, Jun 9, 2004, 8:58 am)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Wed, Jun 9, 2004, 3:44 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Wed, Jun 9, 2004, 11:25 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Thu, Jun 10, 2004, 11:38 am)

re: Evil "lexplore" virus hijacked me (geehawgirl: Thu, Jun 10, 2004, 9:48 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Fri, Jun 11, 2004, 12:35 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Fri, Jun 11, 2004, 12:50 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Fri, Jun 11, 2004, 10:23 pm)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Fri, Jun 11, 2004, 11:05 pm)

re: Evil "lexplore" virus hijacked me (geehawgirl: Sat, Jun 12, 2004, 12:24 am)

re: Evil "lexplore" virus hijacked me (Ms. Eagle: Sat, Jun 12, 2004, 12:57 am)

Reply or follow-up to this message
Search this forum
Start a new thread on a different subject
Report abuse of the forum
Return to the Windows 98 Discussion Forum