Problem still occurs after O4 file deletion

  1. 06-04-2005  #1
    Oscar AT
    Oscar AT is offline Junior Member

    Problem still occurs after O4 file deletion

    I've been reading up on what you guys have said about Spyware and junk, and so I downloaded the Hijack This program and I've used it for a few times deleting the files that owen said you should look up and remove if necessary. I removed all the filed that the website he recommended said weren't good, or necessary, and still I have a problem. My computer would originally crash when I would try to acces the internet, or if I was connected to the internet. So after doing the Hijack This stuff, my computer doesn't freeze up anymore, but I still have spyware or adware. I think it might be a DSO Exploit problem. But in any case, here is my current Hijack This log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:57:52 PM, on 4/5/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\SYSTEM\ELITESUH32.EXE
    C:\WINDOWS\SYSTEM\SUCD32.EXE
    C:\WINDOWS\SYSTEM\STLWPP.EXE
    C:\WINDOWS\SYSTEM\DZRT4.EXE
    C:\WINDOWS\SYSTEM\JQG4RNU.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\RmtQCB55.exe
    O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITESUH32.EXE
    O4 - HKLM\..\Run: [qpoR36h] SUCD32.EXE
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [bE75RWNtW] STLWPP.EXE
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msdioo.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\SYSTEM\MSCGDC.DLL

    Is this okay, or is there still some stuff I have to delete? some of the O4 files I could have deleted I did not delete, because the website owen recommended, could not find anything on them. So, any help would be great.
  2. 06-04-2005  #2
    Jaynee
    Jaynee is offline Senior Member
    it is best to google every entry...... http://searchmiracle.com/sp.php
  3. 18-04-2005  #3
    owen
    owen is offline D-A-L Team Member (UK)
    Hiya Oscar AT,
    There are a lot of obvious problems in your log but its been a while since you posted it. If you still require help, could you post a fresh log.
  4. 18-04-2005  #4
    Oscar AT
    Oscar AT is offline Junior Member
    Certainly. Here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:05:46 PM, on 4/18/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\SYSTEM\ELITESUH32.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\WINDOWS\SYSTEM\DP-MGR32.EXE
    C:\WINDOWS\SYSTEM\DMSHOST.EXE
    C:\WINDOWS\SYSTEM\HCJ2S6.EXE
    C:\WINDOWS\SYSTEM\IWEH9T.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\WUAUCLT.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\OkrN0Z44.exe
    O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITESUH32.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [qpoR36h] DP-MGR32.EXE
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [bE75RWNtW] DMSHOST.EXE
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msdioo.exe
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKCU\..\RunServices: [bE75RWNtW] DMSHOST.EXE
    O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msdioo.exe
    O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\SYSTEM\MSCGDC.DLL

    Hope that helps you. I've only deleted a couple of things that related to the searchmiracle.com stuff.
  5. 19-04-2005  #5
    owen
    owen is offline D-A-L Team Member (UK)
    Download PeperFix from http://downloads.subratam.org/PeperFix.exe. Leave it now, we'll use it later.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL
    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\OkrN0Z44.exe
    O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITESUH32.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [qpoR36h] DP-MGR32.EXE
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKCU\..\Run: [bE75RWNtW] DMSHOST.EXE
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msdioo.exe
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKCU\..\RunServices: [bE75RWNtW] DMSHOST.EXE
    O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msdioo.exe
    O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\SYSTEM\MSCGDC.DLL

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders:
    C:\PROGRAM FILES\TV MEDIA
    C:\WINDOWS\SYSTEM\ELITESUH32.EXE
    c:\Program Files\AutoUpdate
    C:\WINDOWS\SYSTEM\DP-MGR32.EXE
    C:\WINDOWS\SYSTEM\DMSHOST.EXE
    C:\WINDOWS\SYSTEM\msdioo.exe
    C:\WINDOWS\SYSTEM\MSCGDC.DLL

    Reboot and post a fresh log
  6. 20-04-2005  #6
    Oscar AT
    Oscar AT is offline Junior Member
    Okay, I did what you said. Here's my new logfile.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:22:26 PM, on 4/20/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\SYSTEM\HCJ2S6.EXE
    C:\WINDOWS\SYSTEM\DZRT4.EXE
    C:\WINDOWS\WUAUCLT.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\OkrN0Z44.exe
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [qpoR36h] DP-MGR32.EXE
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  7. 20-04-2005  #7
    owen
    owen is offline D-A-L Team Member (UK)
    Damn, braniac here (me) missed at instruction. Could you boot back into Safe Mode, fix this entry in Hijack This:

    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\OkrN0Z44.exe

    Then run the PeperFix you downloaded earlier.

    Then reboot and post a fresh log.
  8. 21-04-2005  #8
    Oscar AT
    Oscar AT is offline Junior Member
    I think I did what you said. Here's the logfile.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:52:01 PM, on 4/20/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\WINDOWS\WUAUCLT.EXE

    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\RmtQCB55.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  9. 21-04-2005  #9
    owen
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\RmtQCB55.exe

    Click Fix Checked

    Reboot and post a fresh log
  10. 25-04-2005  #10
    Oscar AT
    Oscar AT is offline Junior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Sorry, I took a few days' hiatus...here's the new logfile.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:07:26 PM, on 4/25/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TVMBHO.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O4 - HKCU\..\RunServices: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
+ Reply to Thread
Page 1 of 2 1 2 LastLast
« Hijack This log | hijack this log »