I know it is lexplore and hoped that a newer machine would not get infected (it was only a small file I transferred, just one). I was so happy without lexplore and now it is running around my newer laptop and affecting it worse than ME. Me so happy now that lexplore has been exposed and HJT is here to help me! I have bought several PGM's for my old LTE and they never worked. The Packard Bell (WIN95) lasted only a few weeks after a long sabbatical. I am somewhat of a Luddite, and do not need a current machine on a 26.4k dial-up. It was hard enough to give up the 8088. (tears) Oh... for the simple years of slide-rules, pencils and paper, back when you could put a good record on and listen to the label for hours on end.
So, my geekish compadres, here is the stuff for 'Diablo lexploro':
Logfile of HijackThis v1.99.1
Scan saved at 2:07:19 PM, on 1/7/2007 (the clock is hosed again)
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Startup: NOTEPAD.lnk = C:\WINDOWS\NOTEPAD.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf&blobkey=id&blobtable=MungoBlobs&blobwhere=1130825948863&ssbinary=true: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.2 CE
HijackThis 1.99.1
InterVideo WinDVD 4
WlanUtility
Put the PDF reader on this machine too, got it from a friend on a CD for looking at a manual for the Dart.
Seem to recall the infection around that time, but can not say for sure.
You guys are the best and Thanks so much for keeping on top of this stuff - I never wanted to be an IT specialist - I just wanted to use the machine. I do, as you can tell, use the Internet and wished the Web page designers would offer low-fi for us Luddites who never saw a Nova or a dongle. I did see one of the first valves though, and love the distortion of them and AM radio. There is something beautiful in the analog world that words cannot describe. It is distortion. It is what made the Roll in the Rock.
Jim
Edited by I8lexplore, 10 January 2007 - 09:09 PM.