1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My Browser is Infected and Malfunctioning I.E. 6.0

Discussion in 'Virus & Other Malware Removal' started by Mazinger4, Apr 25, 2004.

Thread Status:
Not open for further replies.
  1. Mazinger4

    Mazinger4 Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    8
    I ve been infected with a program that resets Internet explorer to an unwanted start page and undesirable favorite sites. Ive tried many things but nothing seems to help. Ive run the hack this, and here is the log file:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:33:19 AM, on 4/25/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\THOTKEY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\S3TRAY.EXE
    C:\TOSHIBA\IVP\ISM\PINGER.EXE
    C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
    C:\WINDOWS\SYSTEM\PWRTRAY.EXE
    C:\WINDOWS\SYSTEM\PSPCCARD.EXE
    C:\WINDOWS\SYSTEM\TESCKEY.EXE
    C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
    C:\WINDOWS\SYSTEM\TCDPBTN.EXE
    C:\WINDOWS\SYSTEM\TWBBTN.EXE
    C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM32\WINPROC32.EXE
    C:\WINDOWS\SYSTEM32\DEINST_QFE002.EXE
    C:\PROGRAM FILES\LINKSYS\WIRELESS-B NOTEBOOK ADAPTER\WPC11CFG.EXE
    C:\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\MY DOWNLOADS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
    O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
    O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
    O4 - HKLM\..\Run: [TOSHIBSU] TOSHIBSU.EXE
    O4 - HKLM\..\Run: [THotkey] THotkey.exe
    O4 - HKLM\..\Run: [TDspOff] TDspOff.Exe B
    O4 - HKLM\..\Run: [PowerTray] PwrTray.EXE
    O4 - HKLM\..\Run: [PsPCCard] PsPCCard.EXE
    O4 - HKLM\..\Run: [TEscKey] TEscKey.exe
    O4 - HKLM\..\Run: [TFunckey] TFuncKey.exe
    O4 - HKLM\..\Run: [TCDPbtn] TCDPbtn.exe
    O4 - HKLM\..\Run: [TWBbtn] TWBbtn.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [sys] regedit -s sys.reg
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [THotkey] THotkey.Exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
    O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
    O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\SYSTEM32\WINPROC32.EXE
    O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\SYSTEM32\DEINST_QFE002.EXE
    O4 - HKCU\..\Run: [SPYKILLER] C:\PROGRAM FILES\ANONYMIZER\SK\SPYWAREKILLER.EXE /BOOT
    O4 - Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Startup: Microsoft Data Helper.lnk = C:\WINDOWS\cihost.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: Support (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

    _________________________________________________________________

    Ive learned that cihost needs to be stopped and then removed because it is present in this file. Bu I cannot find the file anywhere in my system.
    Ive tried running ProcView to stop the process and then delete it with HackThis but it does not show in it.
    What can I do. Ive searched the web but no luck so far. Please help.
    __________________
    Dichosos los muertos que mueren viviendo
    Pobres los vivos que viven muriendo;
    Happy the dead that died living
    Doom the living that live dying...
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223721

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice