
Task Manager Help

Discussion in 'Virus & Other Malware Removal' started by pcpfactory, Sep 10, 2004.

Thread Status:
Not open for further replies.
  1. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    I HAVE TWO PROCESSES IN TASK MANAGER THAT ARE LABELED IEXPLORE.EXE
    WHEN I TRY TO END THEM THEY STAY THERE, SOMETIMES CHANGING NAMES BUT IMMEDIATELY COME BACK AS IEXPLORE.EXE, ALSO I DON'T KNOW WHAT PROCESSES ARE NECESSARY AND WHAT ARE BAD, PLEASE HELP ME REMOVE THEM. I HAVE WINDOWS XP
    I HAVE RUN AD-AWARE, PC-POWERSCAN, REGISTRY MECHANIC, SPYWARE DOCTOR AND XOFT SPY, I HAVE TDS-3 AND SPYBOT BUT NEITHER SEEM TO DO ANYTHING WHEN I CLICK THEM
    FOLLOWING IS MY HIJACK THIS LOG

    Logfile of HijackThis v1.97.7
    Scan saved at 4:44:31 PM, on 9/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\winbas12.exe
    C:\WINDOWS\System32\msnqmgr.exe
    C:\WINDOWS\System32\ktjbiqh.exe
    C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
    C:\WINDOWS\4fd43.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    C:\WINDOWS\System32\ATMFD749.exe
    C:\Program Files\LIUtilities\WinTasks\wintasks.exe
    C:\WINDOWS\Config\expdrv.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Common files\updater\wupdater.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Kitty Cat\Local Settings\Temporary Internet Files\Content.IE5\W98DY7CH\HijackThis[1].exe
    C:\WINDOWS\System32\odbccr32.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jtcloufbntjfud.com/CCfe9TnmBLvjwXgG6FUwoo1VdfD5nusJ//ylCr4xXcEYDFXaDMjBxGU2LDEeYr8_.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kitty Cat\Application Data\Mozilla\Profiles\default\awyb0c70.slt\prefs.js)
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)
    O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: (no name) - {B78C428C-7223-5BD2-7BBF-7EDF3D92BE47} - C:\PROGRA~1\COALFI~1\flag mpeg.exe
    O2 - BHO: (no name) - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\V8WZjORLt.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
    O4 - HKLM\..\Run: [Spe] C:\documents and settings\kitty cat\local settings\temp\Spe.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
    O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
    O4 - HKLM\..\Run: [wfqarazsgu] C:\WINDOWS\System32\ktjbiqh.exe
    O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
    O4 - HKLM\..\Run: [4fd43.exe] 4fd43.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKLM\..\Run: [SMx1uiyk] C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - HKLM\..\Run: [iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [ae2436f958c5] C:\WINDOWS\System32\ATMFD749.exe
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [*iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\Config\expdrv.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [HB2qRXbqP] shfscard.exe
    O4 - HKCU\..\Run: [key] C:\WINDOWS\System32\sys_xp.exe
    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKCU\..\Run: [Vigcp] C:\WINDOWS\System32\lfh.exe
    O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - HKLM\..\RunOnce: [*expdrv] C:\WINDOWS\Config\expdrv.exe rerun
    O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://directplugin.com/tl7000.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    Hi pcpfactory,

    I suggest you follow these steps:

    1° - Download a free version of AVG --> http://free.grisoft.com/freeweb.php/doc/2/
    - Download Ad-aware --> www.lavasoftusa.com
    - Download the latest version of HijackThis, 1.98.2 --> http://www.tomcoyote.org/hjt/
    2° - Install the software and upgrade AVG and Ad-aware to get the latest definition lists
    3° - Purge your Internet Explorer cache: Control Panel / Internet Options / General tab / Delete files and delete cookies
    4° - Reboot and log in to safe mode (hit the F8 function key)
    5° - Run a complete AVG scan;
    6° - Run Ad-aware (smart scan) - select all bad entries and click the Next button;
    7° - Reboot and log in as usual;
    8° - Run the new version of HijackThis and post the new log in this thread.
     
  3. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    I tried to download the anti-virus program, but when I double-click it to register it goes to a window with a setup option. I click on it and it just ends. I did update Ad-aware and followed the previous instructions, so here's my new HijackThis log.

    Logfile of HijackThis v1.98.2
    Scan saved at 7:26:35 PM, on 9/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\winbas12.exe
    C:\WINDOWS\System32\msnqmgr.exe
    C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
    C:\WINDOWS\4fd43.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    C:\WINDOWS\System32\ATMFD749.exe
    C:\Program Files\LIUtilities\WinTasks\wintasks.exe
    C:\WINDOWS\Config\expdrv.exe
    C:\WINDOWS\System32\odbccr32.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qjaluhgcgpwhifp.com/CCfe9TnmBLvjwXgG6FUwoo1VdfD5nusJ//ylCr4xXcF17W4/KNV2wGU2LDEeYr8_.cgi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kitty Cat\Application Data\Mozilla\Profiles\default\awyb0c70.slt\prefs.js)
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)
    O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: (no name) - {B78C428C-7223-5BD2-7BBF-7EDF3D92BE47} - C:\PROGRA~1\COALFI~1\flag mpeg.exe
    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\V8WZjORLt.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
    O4 - HKLM\..\Run: [Spe] C:\documents and settings\kitty cat\local settings\temp\Spe.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
    O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
    O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe
    O4 - HKLM\..\Run: [4fd43.exe] 4fd43.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKLM\..\Run: [SMx1uiyk] C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe
    O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - HKLM\..\Run: [iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [ae2436f958c5] C:\WINDOWS\System32\ATMFD749.exe
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [*iisac] C:\WINDOWS\Help\iisac.exe
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\Config\expdrv.exe
    O4 - HKLM\..\Run: [PLUS BYTE] C:\PROGRA~1\CLOSEF~1\manager rule 01.exe
    O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
    O4 - HKLM\..\RunOnce: [*expdrv] C:\WINDOWS\Config\expdrv.exe rerun
    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe
    O4 - HKCU\..\Run: [HB2qRXbqP] shfscard.exe
    O4 - HKCU\..\Run: [key] C:\WINDOWS\System32\sys_xp.exe
    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
    O4 - HKCU\..\Run: [Vigcp] C:\WINDOWS\System32\lfh.exe
    O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe
    O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014

    You have some big probs, but I'll let someone with more experience with HJT analyze this, but these entries are NOT good.
     
  5. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    I have just started to look at your HijackThis.log. I stopped after the 3rd trojan horse.
    Your system is very ill. Did you run a complete antivirus scan with McAfee? If so, your software is obsolete or your virus definition list is too old.
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I'm moving this to the Security forum.
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qjaluhgcgpwhifp.com/CCfe...GU2LDEeYr8_.cgi

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)

    R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

    O2 - BHO: (no name) - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)

    O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - (no file)

    O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)

    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll

    O2 - BHO: (no name) - {B78C428C-7223-5BD2-7BBF-7EDF3D92BE47} - C:\PROGRA~1\COALFI~1\flag mpeg.exe

    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll

    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\V8WZjORLt.dll

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

    O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

    O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe

    O4 - HKLM\..\Run: [Spe] C:\documents and settings\kitty cat\local settings\temp\Spe.exe

    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

    O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe

    O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe

    O4 - HKLM\..\Run: [dIQ] C:\documents and settings\kitty cat\local settings\temp\dIQ.exe

    O4 - HKLM\..\Run: [4fd43.exe] 4fd43.exe

    O4 - HKLM\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe

    O4 - HKLM\..\Run: [SMx1uiyk] C:\documents and settings\kitty cat\local settings\temp\SMx1uiyk.exe

    O4 - HKLM\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe

    O4 - HKLM\..\Run: [iisac] C:\WINDOWS\Help\iisac.exe

    O4 - HKLM\..\Run: [ae2436f958c5] C:\WINDOWS\System32\ATMFD749.exe

    O4 - HKLM\..\Run: [*iisac] C:\WINDOWS\Help\iisac.exe

    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

    O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\Config\expdrv.exe

    O4 - HKLM\..\Run: [PLUS BYTE] C:\PROGRA~1\CLOSEF~1\manager rule 01.exe

    O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

    O4 - HKLM\..\RunOnce: [*expdrv] C:\WINDOWS\Config\expdrv.exe rerun

    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe

    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe

    O4 - HKCU\..\Run: [HB2qRXbqP] shfscard.exe

    O4 - HKCU\..\Run: [key] C:\WINDOWS\System32\sys_xp.exe

    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe

    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe

    O4 - HKCU\..\Run: [Vigcp] C:\WINDOWS\System32\lfh.exe

    O4 - HKCU\..\Run: [wpds.exe] C:\WINDOWS\System32\doriot.exe

    O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.8.cab


    Restart to safe mode.

    How to start your computer in safe mode

    Because XP will not always show you hidden files and folders by default, go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

    Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK"

    Now find and delete these files:

    C:\Documents and Settings\Kitty Cat\Application Data\ttuh.exe
    C:\Program Files\winbas12.exe
    C:\WINDOWS\4fd43.exe
    C:\WINDOWS\systask32l.exe
    C:\WINDOWS\Config\expdrv.exe
    C:\WINDOWS\Help\iisac.exe
    C:\WINDOWS\System32\WINdirect.exe
    C:\WINDOWS\System32\doriot.exe
    C:\WINDOWS\System32\ATMFD749.exe
    C:\WINDOWS\System32\msnqmgr.exe
    C:\WINDOWS\System32\odbccr32.exe
    C:\WINDOWS\System32\sys_xp.exe
    C:\WINDOWS\System32\sysdoor.exe
    C:\WINDOWS\System32\WINdirect.exe
    C:\WINDOWS\System32\lfh.exe
    C:\WINDOWS\System32\doriot.exe
    C:\WINDOWS\System32\ln32k.exe
    shfscard.exe


    Delete these folders:

    C:\WINDOWS\system32\pcs
    C:\Program Files\CLOSEF~
    C:\Program Files\COALFI~1

    I don't know the exact names of these folders, but the first one will begin with CLOSEF and will contain the manager rule 01.exe file. The second will begin with COALFI and will contain the flag mpeg.exe file. These folders must be found and deleted.

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Next navigate to the C:\Documents and Settings\kitty cat\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin


    Click here to download the LOP uninstaller. Close all browser windows and run the uninstaller.

    When it is finished restart your computer.



    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer.

    When you are sure you are clean turn it back on and create a restore point.


    Go here and do an online virus scan.

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the exact file name and file location so you can delete it yourself.
     
  8. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    I BELIEVE AFTER ALMOST 24 HOURS OF SCANS AND DELETING WE HAVE FIXED? MY PROBLEM. EVEN SO, HERE'S MY NEW (AND FINAL?) HIJACK THIS LOG

    Logfile of HijackThis v1.98.2
    Scan saved at 6:25:42 PM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Config\expdrv.exe
    C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...dfD5nusJ//ylCr4xXcF5uupD0h2jR2U2LDEeYr8_.html
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab

    Please help, I would like to be finished.
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...U2LDEeYr8_.html

    O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat

    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll

    O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe


    Restart to safe mode and delete the C:\WINDOWS\System32\odbccr32.exe.

    Navigate to the C:\Documents and Settings\kitty cat\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin.
     
  10. pcpfactory

    pcpfactory Thread Starter

    Joined:
    Sep 9, 2004
    Messages:
    10
    I have done the final? cleanup. Here's my new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 9:25:12 PM, on 9/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Documents and Settings\Kitty Cat\Desktop\Stinky\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...dfD5nusJ//ylCr4xXcF5uupD0h2jR2U2LDEeYr8_.html
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\LIUtilities\WinTasks\wintasks.exe traybar
    O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4390/mcfscan.cab

    Hopefully my comp is no longer ill.
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I don't know why this one isn't going away:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...U2LDEeYr8_.html

    Restart your computer.

    Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply, then OK.
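Added example, not part of the thread: a way to confirm which entries ticked for "Fix checked" still appear in a follow-up HijackThis log. Entries are matched on section code plus CLSID, Run value name, or registry location rather than on the full line, because the forum shortens long URLs differently in each post. The function names `entry_key` and `still_present` are hypothetical, and the sample lines are excerpts copied from the logs above.

```python
import re

# Entry lines look like "O2 - BHO: ..." or "R0 - HKLM\...". Header and
# running-process lines do not match and are skipped.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_NAME = re.compile(r"^(.*?Run: \[[^\]]+\])")

def entry_key(line):
    """Return (section, identity) for a HijackThis entry line, else None."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID.search(rest)
    run = RUN_NAME.match(rest)
    if clsid:                       # O2/O3/O9/O16: the CLSID identifies the item
        ident = clsid.group(0)
    elif run:                       # O4 Run keys: hive plus value name
        ident = run.group(1)
    else:                           # R0 etc.: registry location left of " = "
        ident = rest.split(" = ", 1)[0]
    return code, ident.lower()

def still_present(fixed_lines, after_log):
    """List the fixed entries whose identity still occurs in the later log."""
    after = {entry_key(l) for l in after_log.splitlines()} - {None}
    return [l.strip() for l in fixed_lines if entry_key(l) in after]

# Entries the helper asked to fix (excerpted from the thread).
FIXED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...U2LDEeYr8_.html",
    r"O2 - BHO: CATLEvents Object - {BF755B85-EA69-4F58-9A59-D85F384A15FF} - C:\DOCUME~1\KITTYC~1\LOCALS~1\Temp\vrdpxe.dat",
    r"O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kitty Cat\Local Settings\Temp\yuSm.dll",
    r"O4 - HKCU\..\Run: [odbccr32] C:\WINDOWS\System32\odbccr32.exe",
]

# Excerpt of the log posted after the cleanup (from the thread).
AFTER = r"""
C:\WINDOWS\System32\wuauclt.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fvlfsustfbatlklblzcsxtgn...dfD5nusJ//ylCr4xXcF5uupD0h2jR2U2LDEeYr8_.html
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
"""

if __name__ == "__main__":
    for line in still_present(FIXED, AFTER):
        print("still present:", line)
```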
     

Short URL to this thread: https://techguy.org/272522
