Thank you for your guide on how to prepare a post for Hijck This (You Must Read This Before Posting A Hijackthis Log.)
I am running Windows 98 SE and have been experiencing some confusion over the appearance of a message during boot up that states: "LZ32.DLL file cannot start. Check the file to determine the problem."
Other peculiarities include: Power Management and Volume Control icons disappearing from the system tray.
Inability to access display settings (either through control panel or video card control software).
Google toolbar disappeared from Internet Explorer even though it is checked under View->Toolbars.
I believe I have done everything that was suggested by your tutorial
1) Ran Ad-aware SE according to the recommended custom settings.
2) Did NOT run CWShredder as the download is a trial version and I am a little leery of exactly what such offers can do for me. (ie. Will it run a check and withold solutions pending "registration"?)
3) Ran Spybot S&D.
Checked for updates and ran program. No spybots were found. Immunized system.
4) Ran Panda software ActiveScan. 14 viruses detected. All detected viruses cleaned (although, during the scan, the summary indicated that only 4 of the 14 viruses found were cleaned.)
5) Downloaded and ran TDS-3. Summary of scan indicated 6 alarms. Displayed several messages indicating "dual extensions". One "positive identification (embedded in file)" message (file resides in windows 98 backup.
6) Performed a Windows Update that involved downloading and installing critical updates deemed as such by Microsoft.
7) Enabled all programs handled by ZDNet Startup Manager to load on subsequent reboot of system. System tray was heavily loaded with startup programs and many error windows (LZ32.DLL included, which has appeared intermittently before today).
8) Ran Hijack This and saved a log of the process.
Here are the results:
Logfile of HijackThis v1.99.0
Scan saved at 3:44:51 PM, on 4/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\SETI@HOME\[email protected]
C:\WINDOWS\ANVSHELL.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ASUS\PROBE\ASUSPROB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\GAH95ON6.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\RCMAN.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\ASUS\SMARTDOCTOR\VGAPROBE.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\PLAYCENTER2\CTNMRUN.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\OSDMENU.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\RC\EAX.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\REMOTECENTER\CENTER\RCENTER.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
C:\PROGRAM FILES\ASUS\PROBE\COOLING.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\TASKGUIDE\UPDTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MOTIVE\ENCMNSVR.EXE
C:\MYSQL\BIN\WINMYSQLADMIN.EXE
C:\PROGRAM FILES\NETASSISTANT\BIN\MPBTN.EXE
C:\MYSQL\BIN\MYSQLD-OPT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = LOOK Communications Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=c:\lotsuite\smartctr\SmartCtr
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: IEHelper Class - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\[email protected] -min
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ASUSTweakEnable] C:\Program Files\ASUS\Tweaking Utilities\atstart.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [Creative Launcher] C:\PROGRAM FILES\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [kszbjrdn] C:\WINDOWS\SYSTEM\ghxvqqlc.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\TEMP\MSBB.EXE
O4 - HKLM\..\Run: [mswspl] C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\Creative\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\Rcman.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [xitami] C:\XITAMI\XIWIN32.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal Firewall\persfw.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\VGAProbe.exe FirstTime
O4 - HKCU\..\Run: [NOMAD Detector] "C:\PROGRAM FILES\CREATIVE\SBLIVE\PLAYCENTER2\CTNMRUN.EXE"
O4 - Startup: Image.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\IMAGE32.EXE
O4 - Startup: iTouch.lnk = C:\Program Files\Logitech\ITOUCH\iTouch.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\Motive\EnCmnSvr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Winzip81\WZQKPICK.EXE
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .rsm;jsessionid=235D51A65876F83674DEEAA538B337B1: C:\PROGRA~1\INTERN~1\PLUGINS\npchime.dll
O12 - Plugin for .cub: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .emb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .gau: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mol: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .mop: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .skc: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .embl: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .cube: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csm: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .csml: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .dx: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .spt: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\Plugins\npchime.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://reports.mindl...load/isetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
Is my problem with LZ32.DLL related to any of the above information? Are there other, unrelated problems in this log?
Please advise.
Regards,
Will