Bert Hof

MXTARGET.DLL and pop-ups

5 posts in this topic

Hi there, pop-ups keep returning when I use Internet and I cannot delete the file MXTARGET.DLL. Norton and McAfee do not find viruses. AdAware and Spybot do not fix the problem. HijackThis also does not do the trick. Below is my HijackThis log. If someone knows how to solve this problem: please help!

 

Thanks

 

Logfile of HijackThis v1.97.7

Scan saved at 13:40:29, on 15/07/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\DRVLSNR.EXE

C:\WINDOWS\SYSTEM\HKCMD.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE

C:\WINDOWS\SYSTEM\DDHCIWCJ.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAMSHOF\HIJACKTHIS.EXE

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHELPER.DLL

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe

O4 - HKLM\..\Run: [dcsdkdvwtw] C:\WINDOWS\SYSTEM\ddhciwcj.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe

O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7875.1302314815

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...375/mcfscan.cab


Hi

First, restart in Safe mode and please run hijack and place a check in the following entries.

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

 

O4 - HKLM\..\Run: [dcsdkdvwtw] C:\WINDOWS\SYSTEM\ddhciwcj.exe

Close ALL browsers and all other open windows, except HijackThis.

Then select Fix Checked

 

To unhide hidden files,

  • On desktop double-click My Computer and select View and click Details
  • Again select View > Folder Options
  • Under the View tab,
    • Tick show all files
    • Untick hide file extensions for all file types. Select Apply then OK

Open an IE and select Tools> Internet options and delete all temporary internet files and tick "delete offline content"

Then find and delete the following files

C:\temp <--delete all possible files in this folder

C:\windows\temp <--delete all possible files in this folder

 

Select Start-> Settings-> Control panel-> add/remove and select and remove the following programs if present:

  • Twain tech

While still in safe mode, find and delete the following files/folders if they still exist:

C:\WINDOWS\SYSTEM\ddhciwcj.exe <--delete only this file

C:\WINDOWS\MXTARGET.DLL <--delete only this file

 

Then, in hijack go to "Config" and select "ignorelist" at the top. If anything is listed in that window, select "delete all".

Then go to Start > Run and type msconfig and hit OK. Under the "General" tab, ensure that "Normal startup" is selected.

 

Restart your system

Hijack has a newer version, 1.98.

http://209.133.47.12/~merijn/files/HijackThis.exe

Save to hijack folder and post a fresh log from 1.98.

Edited by pfofit


Hi, installed Hijack 1.98 and did all the things you suggested. Seems to have helped, thanks!

 

I deleted all the files from the windows\temp directory (i.e., I put them in my recycle bin). Question about that: this included deleting .exe files, like patch.exe. This is not a problem?

 

Below is my log file from the new Hijack after doing all the stuff.

 

Logfile of HijackThis v1.98.0

Scan saved at 12:35:53, on 16/07/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAMSHOF\HIJACKTHIS.EXE

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHELPER.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe

O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe

O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...375/mcfscan.cab

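An added example, not part of the original posts: a before/after comparison of the two HijackThis logs above that keys each entry by a stable identity (the CLSID where one is present, otherwise registry key plus value name for O4 lines) instead of raw text. That way the Acrobat helper, listed as "(no name)" by 1.97.7 and as "AcroIEHlprObj Class" by 1.98, is not reported as a change. The function names and the keying scheme are assumptions of this example.

```python
import re

# Entries copied from the two HijackThis logs posted in this thread (trimmed).
BEFORE = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [dcsdkdvwtw] C:\WINDOWS\SYSTEM\ddhciwcj.exe
"""
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")        # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")       # {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
RUNKEY = re.compile(r"^(\S+): \[([^\]]+)\]")      # "HKLM\..\Run: [valuename]"

def entry_key(kind, body):
    """Identity of an entry that does not depend on its display name."""
    m = CLSID.search(body)
    if m:
        return (kind, m.group(0).upper())
    m = RUNKEY.match(body)
    if m:
        return (kind, m.group(1).lower(), m.group(2).lower())
    return (kind, body.lower())

def parse(log):
    """Map entry identity -> original line; process paths and headers are skipped."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[entry_key(*m.groups())] = line.strip()
    return entries

def diff(before, after):
    """Return (removed, added) entry lines between two logs."""
    b, a = parse(before), parse(after)
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added

if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

Anything in the "added" list is worth reviewing by hand: a newer HijackThis version may simply scan more sections than the older one did.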

Hi again Bert. Well done.

 

If you ever wonder about a specific file, you can right-click on it and select properties and the version tab and see what product and company name is associated with the file.

 

Patch.exe: one possibility for patch.exe is that it is an email virus that came as a fake patch from Microsoft.

 

In light of that, let's do a free online virus scan and delete anything it finds from:

To complete your clean up, do a free online trojan scan as well and delete anything it finds from:

Once you get a clean bill of health from them, then you need to visit Windows updates. You are vulnerable with IE 5.5. Install all of the latest critical updates. You may need a couple of trips. Keep going back until there are no more critical updates.

 

Bert, below is my standard speech

--------------------------------------------------------------------------------------------------------------

Let me know how your system is working.

pfofit
