help - review hijackthis

Computing.Net > Forums > Security and Virus > help - review hijackthis

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

help - review hijackthis

Name: Georgia
Date: December 8, 2003 at 08:41:31 Pacific
OS: win98
CPU/Ram: celeron 63

Comment:

Can someone review my hijackthis list - i have had so much crap on this computer - ran adaware and spybot - removed the talkstocks.net that was picked up via aol aim...found something called BWQYSR.exe but can't find info on it. everytime i would start computer my outlook would start up. found this and have removed to recycle bin. now outlook is not starting w/ computer start up. does anyone know what it is?
thanks for any info!! please email me your response at gab@mris.com
regards,
georgia

Logfile of HijackThis v1.97.2
Scan saved at 11:27:38 PM, on 12/7/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
C:\WINDOWS\SYSTEM\HIDSERV.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\USBMMKBD.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe
C:\PROGRAM FILES\B'S CLIP\BSCLIP.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\RXXCFIPG.exe
C:\PROGRAM FILES\EXPLOREANYWHERE\ASSIST1\ASSIST.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\AIM95\AIM.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {F67EFA7B-FDE0-3B06-5DC9-DC860B7F553F} - C:\windows\system\ktdoekhs.dll
O2 - BHO: (no name) - {71FB3E0C-3ED4-1AA3-7943-C4E639CABD38} - C:\windows\system\trhsdwpg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.exe /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [fxmpntnm] C:\WINDOWS\rxxcfipg.exe
O4 - HKLM\..\Run: [xkq] C:\WINDOWS\SYSTEM\bwqysr.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [1Win32Cfg] C:\PROGRAM FILES\EXPLOREANYWHERE\ASSIST1\ASSIST.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O9 - Extra button: RealGuide (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37849.8935648148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21b0ab1be176afefb701/netzip/RdxIE601.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.pbcprc.com/CFIDE/classes/CFJava.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
__________________________\
startup from hijack this
StartupList report, 12/7/03, 11:29:00 PM
StartupList version: 1.52
Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.exe
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
C:\WINDOWS\SYSTEM\HIDSERV.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\USBMMKBD.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe
C:\PROGRAM FILES\B'S CLIP\BSCLIP.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\RXXCFIPG.exe
C:\PROGRAM FILES\EXPLOREANYWHERE\ASSIST1\ASSIST.exe
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\AIM95\AIM.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
USBMMKBD = usbmmkbd.exe
HPScanPatch = C:\WINDOWS\SYSTEM\HPScanFix.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
Vshwin32EXE = C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
VsStatEXE = C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.exe /SHOWWARNING
VsEcomrEXE = C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
B'sCLiP = C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.exe
fxmpntnm = C:\WINDOWS\rxxcfipg.exe
xkq = C:\WINDOWS\SYSTEM\bwqysr.exe
1Win32Cfg = C:\PROGRAM FILES\EXPLOREANYWHERE\ASSIST1\ASSIST.exe
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
Hidserv = Hidserv.exe run
Encompass_ENCMONTR = C:\Program Files\Encompass\ENCMONTR.exe
Vshwin32EXE = C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.exe
---------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
---------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=hpfsched
---------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 6/12/2003, 9:38:8)
[rename]
NUL=c:\windows\TEMP\GLB1A2B.exe
NUL=C:\PROGRA~1\ADVANC~1\\UNWISE.exe
---------------------
C:\AUTOEXEC.BAT listing:
C:\PROGRA~1\NETWOR~1\MCAFEE~1\SCAN.exe C:\
IF ERRORLEVEL 1 PAUSE
path C:\WINDOWS;C:\WINDOWS\COMMAND
SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\MCAFEE~1
SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1
---------------------

Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\windows\system\ktdoekhs.dll - {F67EFA7B-FDE0-3B06-5DC9-DC860B7F553F}
(no name) - C:\windows\system\trhsdwpg.dll - {71FB3E0C-3ED4-1AA3-7943-C4E639CABD38}
---------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
---------------------
Enumerating Download Program Files:
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37849.8935648148
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab
[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://207.188.7.150/21b0ab1be176afefb701/netzip/RdxIE601.cab
[Pixami Image Editor Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\BPIMAG~1.OCX
CODEBASE = http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
[CFForm Runtime]
InProcServer32 = C:\WINDOWS\SYSTEM\MSJAVA.DLL
CODEBASE = http://www.pbcprc.com/CFIDE/classes/CFJava.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
---------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
---------------------
End of report, 6,573 bytes
Report generated in 0.141 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Sponsored Link

Ads by Google

windows 7 classic taskbar bootmgr is missing windows 7 microsoft multimedia keyboard 1.0a	microsoft multimedia keyboard 1.0a driver download primax one touch 5300 microsoft c download
See More

I think our office has an...

Norton keeps shutting dow...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: help - review hijackthis

Please Help, Have hijackthis log

Summary

www.computing.net/answers/security/please-help-have-hijackthis-log/17580.html

Help with Hijackthis log

Summary

www.computing.net/answers/security/help-with-hijackthis-log/18159.html

Help Globofind-HiJackThis Log File

Summary

www.computing.net/answers/security/help-globofindhijackthis-log-file/18129.html

From the Geek Dictionary
Vaporware - Duke Nukem Forever.

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 7 Days.
Discuss in The Lounge
Poll History

Recent Posts
sound through HDMI on gfx card?

Get a certain line in file

Booting Macbook from Ubuntu Cd

factory restore

Windows XP Virtual Disk

All Awaiting Reply

Tom's News
Man Pleads Guilty Selling Fake Chips to Navy

Threatening Rap on YouTube Lands Two in Jail

New Final Fantasy XIII Trailer is 5 Minutes Long

Guy Quits Job With Error Message

Verizon Takes on Sprint's 3G Network (And Wins)

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE