Iexplore



#1
mikeiscool

Can someone please help me? I am not exactly a genius when it comes to computers, so I need some help with a problem. My computer was starting to run slow, so I went under CTRL+ALT+Delete and tried to get rid of something called Iexplore. I would select it and press End Task, and then get rid of it, but it would always keep coming back. When I went on my computer the next morning, Iexplore had completely filled up my computer. When I went to CTRL+ALT+Delete, there were probably over a hundred occurrences of Iexplore. I had to shut down my computer and restart it, but Iexplore kept coming back every time I would delete it. I am trying to get rid of this, but I have no idea how to. If someone could help, I would appreciate it. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:35:36 PM, on 4/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8TENO9IJ\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://vevgea.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-more.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.find-more.net/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://vevgea.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PeoplePC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\SYSTEM\CDSM32.DLL
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497 - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25 - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.jzwtwmwix...JBMprZ0Ko.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dnc0owbf.slt\prefs.js)
O1 - Hosts: 64.14.40.138 www.letssearch.com
O1 - Hosts: 64.14.40.138 www.searchex.com
O1 - Hosts: 64.14.40.138 search2.cometsystems.com
O1 - Hosts: 64.14.40.138 search.cometsystems.com
O1 - Hosts: 64.14.40.138 www.searchresult.net
O1 - Hosts: 64.14.40.138 www.xupiter.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\WINDOWS\SYSTEM\SZIEBHO.dll
O2 - BHO: (no name) - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - (no file)
O2 - BHO: Hecksixth - {C972D783-B87A-51C0-D417-982A654C8406} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {70527BE4-399B-134F-C2EA-C5EE789400CE} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\HOMEPORTAL\2PORTALMON.EXE
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [qyutyqwf] C:\WINDOWS\SYSTEM\tfdvdnsy.exe
O4 - HKLM\..\Run: [SysSearch] REGEDIT.EXE -s c:\ireg.reg
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YaPU5l] C:\YPCEDTC.EXE
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\pmknpv.exe
O4 - HKLM\..\Run: [EE5N76LK.EXE] C:\WINDOWS\EE5N76LK.EXE /dk
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [WAITREFWEBBIAS] C:\WINDOWS\Application Data\live dash wait ref\Castaim.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [STOPzilla Service] C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [mstask] C:\WINDOWS\mstask.exe
O4 - HKCU\..\Run: [More store] C:\WINDOWS\APPLIC~1\SECOND~1\soap draw.exe
O4 - Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O4 - Startup: Z5Y30OFY.lnk = C:\WINDOWS\z5y30ofy.exe
O4 - Startup: 1GIBO38Y.lnk = C:\WINDOWS\1gibo38y.exe
O4 - Startup: 4KZDE02J.lnk = C:\WINDOWS\y065gpne.exe
O4 - Startup: DHJC7MAP.lnk = C:\WINDOWS\dhjc7map.exe
O4 - Startup: ILPOLM5G.lnk = C:\WINDOWS\ilpolm5g.exe
O4 - Startup: 9U1U4WN8.lnk = C:\WINDOWS\y065gpne.exe
O4 - Startup: F0C2VA7Z.lnk = C:\WINDOWS\f0c2va7z.exe
O4 - Startup: B1EDW0MW.lnk = C:\WINDOWS\b1edw0mw.exe
O4 - Startup: RIHDXTCU.lnk = C:\WINDOWS\rihdxtcu.exe
O4 - Startup: QL69UEDL.lnk = C:\WINDOWS\ql69uedl.exe
O4 - Startup: 71DUCHJR.lnk = C:\WINDOWS\71duchjr.exe
O4 - Startup: 6JX0MTDF.lnk = C:\WINDOWS\6jx0mtdf.exe
O4 - Startup: HDYIW7IE.lnk = C:\WINDOWS\y065gpne.exe
O4 - Startup: Y065GPNE.lnk = C:\WINDOWS\y065gpne.exe
O4 - Startup: 605GJIUT.lnk = C:\WINDOWS\605gjiut.exe
O4 - Startup: 3R3LMUZN.lnk = C:\WINDOWS\3r3lmuzn.exe
O4 - Startup: 3QJ3MH8E.lnk = C:\WINDOWS\3qj3mh8e.exe
O4 - Startup: 3DZBDOL3.lnk = C:\WINDOWS\3dzbdol3.exe
O4 - Startup: 3OUGAIT8.lnk = C:\WINDOWS\3ougait8.exe
O4 - Startup: 2IRP8Z9W.lnk = C:\WINDOWS\2irp8z9w.exe
O4 - Startup: 1U8ZVGF0.lnk = C:\WINDOWS\1u8zvgf0.exe
O4 - Startup: kpit.exe
O4 - Startup: OKZMTE59.lnk = C:\WINDOWS\okzmte59.exe
O4 - Startup: Q8H1W7XZ.lnk = C:\WINDOWS\q8h1w7xz.exe
O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O4 - Startup: MX9IX4XF.lnk = C:\WINDOWS\mx9ix4xf.exe
O4 - Startup: IN3Y5JMV.lnk = C:\WINDOWS\in3y5jmv.exe
O4 - Startup: CVMIGBZV.lnk = C:\WINDOWS\cvmigbzv.exe
O4 - Startup: CYZ7H7TX.lnk = C:\WINDOWS\cyz7h7tx.exe
O4 - Startup: CIOU6MYG.lnk = C:\WINDOWS\ciou6myg.exe
O4 - Startup: CA30J5KM.lnk = C:\WINDOWS\ca30j5km.exe
O4 - Startup: O9OR2M62.lnk = C:\WINDOWS\o9or2m62.exe
O4 - Global Startup: DHJC7MAP.lnk = C:\WINDOWS\dhjc7map.exe
O4 - Global Startup: REEDZ5W1.lnk = C:\WINDOWS\reedz5w1.exe
O4 - Global Startup: F0C2VA7Z.lnk = C:\WINDOWS\f0c2va7z.exe
O4 - Global Startup: 09KHZN4N.lnk = C:\WINDOWS\09khzn4n.exe
O4 - Global Startup: 1GIBO38Y.lnk = C:\WINDOWS\1gibo38y.exe
O4 - Global Startup: ILPOLM5G.lnk = C:\WINDOWS\ilpolm5g.exe
O4 - Global Startup: U2RAFEY2.lnk = ?
O4 - Global Startup: O9OR2M62.lnk = C:\WINDOWS\o9or2m62.exe
O4 - Global Startup: EM57HZCI.lnk = C:\WINDOWS\em57hzci.exe
O4 - Global Startup: 0VQM0JOC.lnk = M:\SETUP.EXE
O4 - Global Startup: PBBLJUWZ.lnk = C:\WINDOWS\pbbljuwz.exe
O4 - Global Startup: Y065GPNE.lnk = C:\WINDOWS\y065gpne.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign...scandl_cnry.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {10101010-1010-1111-1010-101010101011} - mhtml:C:\\WINX.MHT!http://216.240.137.41/counter/ie.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Protocol hijack: mhtml -