Problem with internet explorer pt.2

ACID
ACID Posts: 1,209 Forumite
Well, this is the original thread:

http://forums.moneysavingexpert.com/showthread.html?t=52932

But after installing SP2,

now when I go to sites such as Hotmail as before, the popup box no longer appears.

Good news, you think? Well, afraid not.

Now all that happens when I submit the info is the screen closes.
That's it.

Anyone know any info on this?

Comments

  • bp10885
    bp10885 Posts: 25 Forumite
    post a hijack this log if possible
    Regards

    Baiju
  • ACID
    ACID Posts: 1,209 Forumite
    Logfile of HijackThis v1.99.1
    Scan saved at 10:35:12, on 11/05/05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AOL 8.0\waol.exe
    C:\Program Files\AOL 8.0\shellmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\DOCUME~1\RSGILL~1\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\RSGILL~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\appwiz.dll
    O2 - BHO: (no name) - {D8A9A1BB-3F79-37AF-5B80-6653070A14C7} - C:\WINDOWS\System32\xkeznpkb.dll
    O2 - BHO: (no name) - {ED8491BB-124A-029B-76B0-567E373A39F7} - C:\WINDOWS\System32\xkeznpkb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
    O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted IP range: 81.222.131.59 (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{45A79CDA-DF1D-4563-B277-B8742496AE3D}: NameServer = 152.163.0.26 205.188.64.153
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D1FDEF6-26C5-4851-A50D-F01B47C1CB8D}: NameServer = 205.188.146.145
    O21 - SSODL: SysTray.Exsh - {E1B7D0BE-5f02-4255-96DB-388DFA241900} - C:\WINDOWS\System32\oilldcgd.dll
    O21 - SSODL: SysTray.Exdc - {F1B7D0BE-5f02-4255-96DB-388DFA241900} - C:\WINDOWS\System32\mnoaeghn.dll
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    found this in the log

    O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
    Nasty Added as a result of the TROJ/AGENT-V TROJAN!
    Hit rate: 99 % (result) Must be fixed!

    O15 - Trusted IP range: 81.222.131.59 (HKLM)
    Nasty If you did not add these pages to your trusted pages, they

    using this online scanner

    http://www.hijackthis.de/index.php#anl
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    also this

    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
    (Description: Added by the TROJ/DLOADER-FC TROJAN! )

    Delete the file kernels32.exe which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\


    looking at the log file you seem to have no anti-virus or active firewall either; download and install AVG free edition and scan, and install the Sygate or ZoneAlarm free firewall
    Ex forum ambassador

    Long term forum member
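The two entries flagged in the posts above share a pattern that can be checked mechanically: a system binary name sitting in the wrong folder (`svchost.exe` under `C:\WINDOWS\System\`) and a near miss on a system module name (`kernels32.exe`). The sketch below is an added example, not part of the original thread or of HijackThis; the expected-directory table, the name list and the 0.9 similarity threshold are illustrative assumptions for a default Windows XP layout.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# Assumption: default Windows XP layout, as in the log posted in this thread.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYS32, "lsass.exe": SYS32, "services.exe": SYS32,
    "winlogon.exe": SYS32, "smss.exe": SYS32, "spoolsv.exe": SYS32,
    "kernel32.dll": SYS32, "explorer.exe": r"c:\windows",
}
# Illustrative list of system module names that impostor files imitate.
KNOWN_STEMS = ("kernel32", "svchost", "lsass", "explorer", "winlogon")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.IGNORECASE)

def triage(log_text, threshold=0.9):
    """Return (reason, path) pairs for file paths worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        for path in PATH_RE.findall(line):
            name = basename(path).lower()
            folder = dirname(path).lower()
            expected = EXPECTED_DIR.get(name)
            if expected is not None:
                # Right name, wrong folder: a system binary name reused elsewhere.
                if folder != expected:
                    findings.append(("wrong-directory", path))
                continue
            stem = name.rsplit(".", 1)[0]
            # Near miss on a system module name (a character or two off).
            if any(SequenceMatcher(None, stem, known).ratio() >= threshold
                   for known in KNOWN_STEMS):
                findings.append(("lookalike-name", path))
    return findings

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:16} {path}")
```

A name-only check treats every `svchost.exe` alike; comparing the full path is what separates the copy in `C:\WINDOWS\System\` from the genuine ones in `System32`.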
  • ACID
    ACID Posts: 1,209 Forumite
    I deleted them
    but it appears to have come back, pretty sure of it, I'll check msconfig on run and see if it's there

    AVAST, AVG, F-SECURE DIDN'T DETECT THIS SVCHOST FILE
    prob cos it's a common file, I'm unsure
    but didn't test Hotmail pages
    I'll update yous in the evening

    thanks for the advice
  • T4i
    T4i Posts: 1,845 Forumite
    ACID - You got system restore turned off when trying to get rid of it?
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    yes, and you need to shut Internet Explorer, delete your temporary internet files (do it from Control Panel, Internet Options), then remove the HijackThis options mentioned, then reboot into safe mode and run anti-virus straight away ....
    Ex forum ambassador

    Long term forum member
  • ACID
    ACID Posts: 1,209 Forumite
    HI JUST DID THAT, AND AFTER AVAST FINDING NOTHING infected

    I believe it is still running

    I see it in Task Manager, as it has 13,000 of memory usage
    and the file is called svchost.exe

    and when I click Start, Run
    then type in msconfig, and click the Startup tab

    svchost is still there, with the box checked

    despite me unchecking this every time?

    I refuse to give up, but feel choice is limited??
  • ACID
    ACID Posts: 1,209 Forumite
    the end then.
  • Nex0
    Nex0 Posts: 913 Forumite
    You tried Microsoft Antispyware? It's free
This discussion has been closed.